XWeb Directory Traversal Vulnerability
BID:9937
Info
XWeb Directory Traversal Vulnerability
| Bugtraq ID: | 9937 |
| Class: | Access Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 22 2004 12:00AM |
| Updated: | Mar 22 2004 12:00AM |
| Credit: | Discovery of this issue is credited to Donato Ferrante. |
| Vulnerable: |
XWeb XWeb 1.0 |
| Not Vulnerable: | |
Discussion
XWeb Directory Traversal Vulnerability
XWeb is reportedly prone to directory traversal attacks. Remote attackers may exploit this issue to gain access to sensitive files outside of the server root. This would occur in the context of the server, i.e.: any files the server could access would also be accessible to the attacker.
XWeb is reportedly prone to directory traversal attacks. Remote attackers may exploit this issue to gain access to sensitive files outside of the server root. This would occur in the context of the server, i.e.: any files the server could access would also be accessible to the attacker.
Exploit / POC
XWeb Directory Traversal Vulnerability
This issue may be exploited with a web browser. The following example was submitted:
http://www.example.com/../../../../etc/passwd
This issue may be exploited with a web browser. The following example was submitted:
http://www.example.com/../../../../etc/passwd
Solution / Fix
XWeb Directory Traversal Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.