Robin Twombly A1 HTTP Server Directory Traversal Vulnerability
BID:2436
Info
| Bugtraq ID: | 2436 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 27 2001 12:00AM |
| Updated: | Feb 27 2001 12:00AM |
| Credit: | Discovered and posted to Bugtraq on Feb 27, 2001 by <[email protected]>. |
| Vulnerable: | Robin Twombly A1 Web Server 1.0 |
| Not Vulnerable: | |
Discussion
A remote user can gain read access to directories and files outside the web root. Requesting a specially crafted URL composed of '../' sequences will disclose an arbitrary directory; appending a known filename will disclose the requested resource.
Exploit / POC
The following example has been provided by <[email protected]>:
http://target/../../../../../../Scandisk.log
Solution / Fix
Solution:
Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
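The input validation this class of flaw is missing, shown as an added example (not code from the advisory or from the A1 server): decode the request path, then resolve it segment by segment and refuse any request that climbs above the web root. `WEB_ROOT`, `resolve_request_path` and `audit` are hypothetical names, and the sample URLs other than the advisory's own are constructed.

```python
import posixpath
from urllib.parse import unquote, urlsplit

WEB_ROOT = "/srv/www"  # assumed document root (constructed for this example)


def resolve_request_path(url, web_root=WEB_ROOT):
    """Return the file path under web_root for url, or None if it must be refused."""
    raw = urlsplit(url).path
    # Decode exactly once, *before* validating, so encoded dots and slashes
    # are checked in the same form the filesystem will see.
    decoded = unquote(raw)
    # Windows accepts '\' as a separator; treat it the same as '/'.
    decoded = decoded.replace("\\", "/")
    if "\x00" in decoded:
        return None  # NUL bytes can truncate paths in native file APIs
    parts = []
    for seg in decoded.split("/"):
        if seg in ("", "."):
            continue
        if ":" in seg:
            return None  # drive letters / alternate data streams on Windows
        if seg == "..":
            if not parts:
                return None  # would climb above the web root: refuse
            parts.pop()
        else:
            parts.append(seg)
    return posixpath.join(web_root, *parts) if parts else web_root


def audit(urls, web_root=WEB_ROOT):
    """Classify each URL as ('serve', path) or ('refuse', None)."""
    results = []
    for url in urls:
        path = resolve_request_path(url, web_root)
        results.append((url, "serve" if path else "refuse", path))
    return results


# First entry is the advisory's example; the others are constructed.
SAMPLES = [
    "http://target/../../../../../../Scandisk.log",
    "http://target/index.html",
    "http://target/docs/../index.html",
]

if __name__ == "__main__":
    for url, verdict, path in audit(SAMPLES):
        print(f"{verdict:6} {url} -> {path}")
```

On a real filesystem the resolved path should also be checked after symlink resolution, which this string-only check does not cover.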
References
References:
- A1 Web Server Homepage (Robin Twombly)