Bajie Arbitrary Shell Command Execution Vulnerability
| Bugtraq ID: | 2389 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Feb 15 2001 12:00AM |
| Updated: | Feb 15 2001 12:00AM |
| Credit: | Discovered and posted to Bugtraq by <[email protected]> on Feb 15, 2001. |
| Vulnerable: | Bajie Java HTTP Server 0.78 |
| Not Vulnerable: | Bajie Java HTTP Server 0.95, Bajie Java HTTP Server 0.78a |
Discussion
Arbitrary code contained in a specially crafted URL can be executed on a Unix system running Bajie Webserver when that URL is requested. Any commands appended to the malicious URL after the ';' will be executed as an independent job.
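As an added example (not part of the original advisory or the Bajie project), the following Python sketch scans access-log lines for requests in which a ';' is followed by something other than a `name=value` parameter, including percent-encoded and double-encoded separators. The log lines, paths, function names and the parameter heuristic are constructed assumptions.

```python
import re
from urllib.parse import unquote

# Request field of a Common Log Format line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Assumption: a benign ';' parameter looks like name=value (e.g. ;jsessionid=...)
PARAM_RE = re.compile(r"^[A-Za-z_][\w.-]*=[\w.-]*$")

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so %3B and %253B both become ';'."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_segment(target):
    """Return the text after the first ';' that is not a name=value parameter."""
    decoded = decode_fully(target)
    for seg in decoded.split(";")[1:]:
        param = re.split(r"[/?&]", seg, maxsplit=1)[0]
        if seg and not PARAM_RE.match(param):
            return seg
    return None

def scan(lines):
    """Return (line number, raw target, suspicious text) for each flagged request."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        seg = suspicious_segment(m.group("target")) if m else None
        if seg is not None:
            hits.append((n, m.group("target"), seg))
    return hits

# Constructed sample log lines (documentation addresses, hypothetical paths)
SAMPLE_LOG = [
    '192.0.2.10 - - [15/Feb/2001:10:01:02 +0000] "GET /index.html HTTP/1.0" 200 1043',
    '192.0.2.10 - - [15/Feb/2001:10:01:05 +0000] "GET /app/cart;jsessionid=A1B2C3 HTTP/1.0" 200 512',
    '198.51.100.7 - - [15/Feb/2001:10:02:11 +0000] "GET /scripts/report;id HTTP/1.0" 200 87',
    '198.51.100.7 - - [15/Feb/2001:10:02:30 +0000] "GET /scripts/report%3Buname%20-a HTTP/1.0" 200 90',
    '198.51.100.7 - - [15/Feb/2001:10:02:41 +0000] "GET /scripts/report%253Bid HTTP/1.0" 404 0',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Hits from a server still running the vulnerable 0.78 release warrant review of what the host executed at the logged time; on a fixed release they indicate probing.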
Solution / Fix
Solution:
This issue has been addressed in Bajie Java HTTP Server 0.78a. The latest version of Bajie Server is 0.95 and is available at the following location:
http://www.geocities.com/gzhangx/websrv/download.html