Progress Webspeed _CPYFile.P Unauthorized Access Vulnerability
BID:23634
Info
Progress Webspeed _CPYFile.P Unauthorized Access Vulnerability
| Bugtraq ID: | 23634 |
| Class: | Access Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 24 2007 12:00AM |
| Updated: | Jul 03 2007 09:17PM |
| Credit: | suresync is credited with the discovery of this vulnerability. |
| Vulnerable: |
Progress WebSpeed 3.1 e Progress WebSpeed 3.1 d Progress WebSpeed 3.1 a |
| Not Vulnerable: | |
Discussion
Progress Webspeed _CPYFile.P Unauthorized Access Vulnerability
Progress WebSpeed is prone to a vulnerability that lets attackers gain unauthorized access to and execute administrative scripts.
An attacker may leverage this issue to create and execute malicious WebSpeed code on the host running the webserver. Such unauthorized access may help the attacker launch other attacks.
WebSpeed 3.1a, 3.1d, and 3.1e are vulnerable; other versions may also be affected.
NOTE: Further reports suggest that this issue affects only the 'Development Mode' of the application. This mode is not intended to be used in production systems. This issue is also present when the 'tty' directory is installed.
Progress WebSpeed is prone to a vulnerability that lets attackers gain unauthorized access to and execute administrative scripts.
An attacker may leverage this issue to create and execute malicious WebSpeed code on the host running the webserver. Such unauthorized access may help the attacker launch other attacks.
WebSpeed 3.1a, 3.1d, and 3.1e are vulnerable; other versions may also be affected.
NOTE: Further reports suggest that this issue affects only the 'Development Mode' of the application. This mode is not intended to be used in production systems. This issue is also present when the 'tty' directory is installed.
Exploit / POC
Progress Webspeed _CPYFile.P Unauthorized Access Vulnerability
An attacker can use a browser to exploit this issue.
A sample URI has been provided:
http://www.example.com/scripts/cgiip.exe/WService=wsbroker1/webutil/_cpyfile.p?options=save,editor&tempFile=dummy.tmp&fil
eName=C:/root.txt&action=last§ion=1&txt0=Test
An attacker can use a browser to exploit this issue.
A sample URI has been provided:
http://www.example.com/scripts/cgiip.exe/WService=wsbroker1/webutil/_cpyfile.p?options=save,editor&tempFile=dummy.tmp&fil
eName=C:/root.txt&action=last§ion=1&txt0=Test
Solution / Fix
Progress Webspeed _CPYFile.P Unauthorized Access Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
References
Progress Webspeed _CPYFile.P Unauthorized Access Vulnerability
References:
References: