Herberlin BremsServer Directory Traversal Vulnerability
BID:9493
Info
Herberlin BremsServer Directory Traversal Vulnerability
| Bugtraq ID: | 9493 |
| Class: | Input Validation Error |
| CVE: |
CVE-2004-2112 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 26 2004 12:00AM |
| Updated: | Nov 17 2011 10:15PM |
| Credit: | "Donato Ferrante" <[email protected]>. |
| Vulnerable: |
Herberlin BremsServer 1.2.4 Herberlin BremsServer 3.0 |
| Not Vulnerable: | |
Discussion
Herberlin BremsServer Directory Traversal Vulnerability
Herberlin BremsServer is prone to a directory-traversal vulnerability. An attacker may exploit this issue to gain access to files residing outside the web server root directory of the affected system. This issue exists due to a failure to validate user specified URI input.
BremsServer 3.0 is vulnerable; other versions may also be affected.
Herberlin BremsServer is prone to a directory-traversal vulnerability. An attacker may exploit this issue to gain access to files residing outside the web server root directory of the affected system. This issue exists due to a failure to validate user specified URI input.
BremsServer 3.0 is vulnerable; other versions may also be affected.
Exploit / POC
Herberlin BremsServer Directory Traversal Vulnerability
The following proof of concept is available:
http://www.example.com/../PATH/windows/system.ini
The following proof of concept is available:
http://www.example.com/../PATH/windows/system.ini
Solution / Fix
Herberlin BremsServer Directory Traversal Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
References
Herberlin BremsServer Directory Traversal Vulnerability
References:
References:
- BremsServer Home Page (Herberlin)
- Directory traversal and XSS in BremsServer 1.2.4 ("Donato Ferrante"
)