GoAhead WebServer Directory Management Policy Bypass Vulnerability
BID:9450
Info
GoAhead WebServer Directory Management Policy Bypass Vulnerability
| Bugtraq ID: | 9450 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 19 2004 12:00AM |
| Updated: | Jan 19 2004 12:00AM |
| Credit: | Discovery is credited to Luigi Auriemma. |
| Vulnerable: |
GoAhead Software GoAhead WebServer 2.1.8 GoAhead Software GoAhead WebServer 2.1.7 GoAhead Software GoAhead WebServer 2.1.6 GoAhead Software GoAhead WebServer 2.1.5 GoAhead Software GoAhead WebServer 2.1.4 GoAhead Software GoAhead WebServer 2.1.3 GoAhead Software GoAhead WebServer 2.1.2 GoAhead Software GoAhead WebServer 2.1.1 GoAhead Software GoAhead WebServer 2.1 GoAhead Software GoAhead WebServer 2.0 |
| Not Vulnerable: | |
Discussion
GoAhead WebServer Directory Management Policy Bypass Vulnerability
GoAhead WebServer is prone to a vulnerability that may permit remote attackers to bypass directory management policy.
It is reported that certain syntax may be used in HTTP GET requests to bypass the policy for how certain request should be handled, for example, a script that should be interpreted may be downloaded by the attacker instead.
This could allow for unauthorized access to resources hosted on the server, likely resulting in disclosure of sensitive information such as script source code. The exact consequences will depend on what sort of directory management policy is in place and also the nature of information included in scripts or other sensitive resources hosted on the server.
GoAhead WebServer is prone to a vulnerability that may permit remote attackers to bypass directory management policy.
It is reported that certain syntax may be used in HTTP GET requests to bypass the policy for how certain request should be handled, for example, a script that should be interpreted may be downloaded by the attacker instead.
This could allow for unauthorized access to resources hosted on the server, likely resulting in disclosure of sensitive information such as script source code. The exact consequences will depend on what sort of directory management policy is in place and also the nature of information included in scripts or other sensitive resources hosted on the server.
Exploit / POC
GoAhead WebServer Directory Management Policy Bypass Vulnerability
This issue may be exploited with a web browser. The following examples were provided:
http://www.example.com/\cgi-bin/[file]
http://www.example.com/\\\cgi-bin/[file]
http://www.example.com/%5ccgi-bin/[file]
This issue may be exploited with a web browser. The following examples were provided:
http://www.example.com/\cgi-bin/[file]
http://www.example.com/\\\cgi-bin/[file]
http://www.example.com/%5ccgi-bin/[file]
Solution / Fix
GoAhead WebServer Directory Management Policy Bypass Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
GoAhead WebServer Directory Management Policy Bypass Vulnerability
References:
References:
- GoAhead WebServer Product Homepage (GoAhead Software)
- Directories management bypassing in Goahead webserver <= 2.1.8 (Luigi Auriemma
)