BID:2060

Apache Web Server with Php 3 File Disclosure Vulnerability

Info

Apache Web Server with Php 3 File Disclosure Vulnerability

Bugtraq ID:	2060
Class:	Input Validation Error
CVE:	CVE-2001-0042
Remote:	Yes
Local:	Yes
Published:	Dec 06 2000 12:00AM
Updated:	Jul 11 2009 03:56AM
Credit:	Discovered and posted to Bugtraq by china nsl <[email protected]> on Dec 6, 2000.
Vulnerable:	Apache Apache 1.3 + Apple Mac OS X 10.3.2 + Apple Mac OS X 10.3.1 + Apple Mac OS X 10.3 + Apple Mac OS X 10.2.8 + Apple Mac OS X 10.2.7 + Apple Mac OS X 10.2.6 + Apple Mac OS X 10.2.5 + Apple Mac OS X 10.2.4 + Apple Mac OS X 10.2.3 + Apple Mac OS X 10.2.2 + Apple Mac OS X 10.2.1 + Apple Mac OS X 10.2 + Apple Mac OS X 10.1.5 + Apple Mac OS X 10.1.4 + Apple Mac OS X 10.1.3 + Apple Mac OS X 10.1.2 + Apple Mac OS X 10.1.1 + Apple Mac OS X 10.1 + Apple Mac OS X Server 10.3.2 + Apple Mac OS X Server 10.3.1 + Apple Mac OS X Server 10.3 + Apple Mac OS X Server 10.2.8 + Apple Mac OS X Server 10.2.7 + Apple Mac OS X Server 10.2.6 + Apple Mac OS X Server 10.2.5 + Apple Mac OS X Server 10.2.4 + Apple Mac OS X Server 10.2.3 + Apple Mac OS X Server 10.2.2 + Apple Mac OS X Server 10.2.1 + Apple Mac OS X Server 10.2 + Apple Mac OS X Server 10.1.5 + Apple Mac OS X Server 10.1.4 + Apple Mac OS X Server 10.1.3 + Apple Mac OS X Server 10.1.2 + Apple Mac OS X Server 10.1.1 + Apple Mac OS X Server 10.1 - Microsoft Windows 2000 Professional - Microsoft Windows NT 4.0

Not Vulnerable:

Discussion

Apache Web Server with Php 3 File Disclosure Vulnerability

Apache Web Server is subject to disclose files to unauthorized users when used in conjunction with the PHP3 script language.

By requesting a specially crafted URL by way of php, it is possible for a remote user to gain read access to a known file that resides on the target host.

Successful exploitation of this vulnerability could lead to the disclosure of sensitive information and possibly assist in further attacks against the victim.

Exploit / POC

Apache Web Server with Php 3 File Disclosure Vulnerability

The following example has been provided by china nsl <[email protected]>:

http://target/index.php3.%5c../..%5cconf/httpd.conf

Solution / Fix

Apache Web Server with Php 3 File Disclosure Vulnerability

Solution:
Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].

References

Apache Web Server with Php 3 File Disclosure Vulnerability

References:

Apache Software Foundation Homepage (Apache Software Foundation)