HTTP 1.1 GET Request Directory Traversal Vulnerability
BID:39590
Info
HTTP 1.1 GET Request Directory Traversal Vulnerability
| Bugtraq ID: | 39590 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 20 2010 12:00AM |
| Updated: | Apr 20 2010 12:00AM |
| Credit: | chr1x |
| Vulnerable: |
HTTP HTTP 1.1 |
| Not Vulnerable: | |
Discussion
HTTP 1.1 GET Request Directory Traversal Vulnerability
The HTTP application is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input.
Exploiting this issue will allow an attacker to view arbitrary local files and directories within the context of the webserver. Information harvested may aid in launching further attacks.
HTTP 1.1 is vulnerable; other versions may also be affected.
The HTTP application is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input.
Exploiting this issue will allow an attacker to view arbitrary local files and directories within the context of the webserver. Information harvested may aid in launching further attacks.
HTTP 1.1 is vulnerable; other versions may also be affected.
Exploit / POC
HTTP 1.1 GET Request Directory Traversal Vulnerability
An attacker can exploit this issue with a web browser.
The following example request is available:
GET /..\..\\..\..\\..\..\\..\..\\\boot.ini HTTP/1.0
An attacker can exploit this issue with a web browser.
The following example request is available:
GET /..\..\\..\..\\..\..\\..\..\\\boot.ini HTTP/1.0
Solution / Fix
HTTP 1.1 GET Request Directory Traversal Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].