sthttpd 'thttpd.log' Insecure File Permissions Vulnerability
BID:58127
Info
sthttpd 'thttpd.log' Insecure File Permissions Vulnerability
| Bugtraq ID: | 58127 |
| Class: | Design Error |
| CVE: |
CVE-2013-0348 |
| Remote: | No |
| Local: | Yes |
| Published: | Feb 22 2013 12:00AM |
| Updated: | Dec 17 2013 04:37AM |
| Credit: | Agostino Sarubbo |
| Vulnerable: | |
| Not Vulnerable: | |
Discussion
sthttpd 'thttpd.log' Insecure File Permissions Vulnerability
sthttpd is prone to an insecure file-permission vulnerability.
A local attacker can exploit this issue by gaining access to a world-readable log file and extracting sensitive information from it. Such information could aid in other attacks.
sthttpd is prone to an insecure file-permission vulnerability.
A local attacker can exploit this issue by gaining access to a world-readable log file and extracting sensitive information from it. Such information could aid in other attacks.
Exploit / POC
sthttpd 'thttpd.log' Insecure File Permissions Vulnerability
Attackers can use readily available tools and standard commands to exploit this issue.
Attackers can use readily available tools and standard commands to exploit this issue.
Solution / Fix
sthttpd 'thttpd.log' Insecure File Permissions Vulnerability
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
sthttpd 'thttpd.log' Insecure File Permissions Vulnerability
References:
References: