MiniWeb Denial Of Service and Directory Traversal Vulnerabilities

Bugtraq ID:	50827
Class:	Unknown
CVE:
Remote:	Yes
Local:	No
Published:	Nov 28 2011 12:00AM
Updated:	May 31 2012 10:20PM
Credit:	Luigi Auriemma
Vulnerable:	Stanley Huang MiniWeb 0 Siemens SIMATIC WinCC flexible Runtime 0 Siemens SIMATIC WinCC Flexible 2008 SP2
Not Vulnerable:

MiniWeb Denial Of Service and Directory Traversal Vulnerabilities

MiniWeb is prone to a denial-of-service vulnerability and a directory-traversal vulnerability.

Exploiting these issues may allow remote attackers to crash the server or download arbitrary files within the context of the affected server.

MiniWeb Denial Of Service and Directory Traversal Vulnerabilities

Exploits are available. Please see the references for more information.

The following exploit code is available for the denial-of-service vulnerability:

• /data/vulnerabilities/exploits/50827.py

MiniWeb Denial Of Service and Directory Traversal Vulnerabilities

Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

MiniWeb Denial Of Service and Directory Traversal Vulnerabilities

References:

• MiniWeb Homepage (MiniWeb)
  
• Siemens SIMATIC WinCC Flexible (Runtime) Multiple Vulnerabilities (Luigi Auriemma)
  
• SIMATIC WinCC flexible �?? Runtime Software Homepage (Siemens)