HTTP Explorer Web Server Directory Traversal Vulnerability
BID:21712
Info
HTTP Explorer Web Server Directory Traversal Vulnerability
| Bugtraq ID: | 21712 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 21 2006 12:00AM |
| Updated: | Dec 21 2006 12:00AM |
| Credit: | str0ke is credited with the discovery of this vulnerability. |
| Vulnerable: |
HTTP Explorer Web Server 1.02 |
| Not Vulnerable: | |
Discussion
HTTP Explorer Web Server Directory Traversal Vulnerability
HTTP Explorer is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input.
An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable system in the context of the affected application. Information obtained may aid in further attacks.
Version 1.02 is vulnerable to this issue; other versions may also be affected.
HTTP Explorer is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input.
An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable system in the context of the affected application. Information obtained may aid in further attacks.
Version 1.02 is vulnerable to this issue; other versions may also be affected.
Exploit / POC
HTTP Explorer Web Server Directory Traversal Vulnerability
Attackers may exploit this vulnerability via a web client.
The following proof of concept is available:
http://www.example.com/../../../../
Attackers may exploit this vulnerability via a web client.
The following proof of concept is available:
http://www.example.com/../../../../
Solution / Fix
HTTP Explorer Web Server Directory Traversal Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].
References
HTTP Explorer Web Server Directory Traversal Vulnerability
References:
References:
- HTTP Explorer Web Server Home Page (HTTP Explorer)