Date: Mon, 23 Jun 2003 20:43:08 +0200
From: "Rushjo@...pbit.org" <rushjo@...pbit.org>
To: bugtraq@...urityfocus.com
Subject: TA-2003-06 Directory Transversal Vulnerability in iWeb Server 2


TA-2003-06 Directory Transversal Vulnerability in iWeb Server 2
contributed by: rushjo
====================================================================================== 


Tripbit Security Advisory

TA-2003-06 Directory Transversal Vulnerability in iWeb Server 2
====================================================================================== 




PROGRAM: iWeb Server 2
HOMEPAGE: http://www.ashleybrown.co.uk/iweb/
VULNERABLE VERSIONS: 2
RISK: High/Medium
IMPACT: Directory Transversal Vulnerability
RELEASE DATE: 2003-06


======================================================================================
TABLE OF CONTENTS
====================================================================================== 




1..........................................................DESCRIPTION
2..............................................................DETAILS
3............................................................SOLUTIONS
4........................................................VENDOR STATUS
5..............................................................CREDITS
6...........................................................DISCLAIMER
7...........................................................REFERENCES
8.............................................................FEEDBACK


1. DESCRIPTION
====================================================================================== 




"The iWeb Mini Web Server is a mini web server designed for use on
Intranets and for testing websites in a realistic environment."

(This description is taken from the website of Ashley Brown)


2. DETAILS
====================================================================================== 




¤ Directory Transversal Vulnerability:


There is another Directory Transversal Vulnerability in iWeb Server
which allows remote attackers to see the content of the requested file.


for example:

	  http://host/%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cwindows\system.ini



3. SOLUTIONS
====================================================================================== 




No solution for the moment.



4. VENDOR STATUS
====================================================================================== 




The vendor has reportedly been notified, but the vendor told us that it is
an old bug. We don't think so.



5. CREDITS
====================================================================================== 




Discovered by posidron



6. DISCLAIMER
====================================================================================== 




The information within this paper may change without notice. Use of
this information constitutes acceptance for use in an AS IS condition.
There are NO warranties with regard to this information. In no event
shall the author be liable for any damages whatsoever arising out of
or in connection with the use or spread of this information. Any use
of this information is at the user's own risk.



7. REFERENCES
====================================================================================== 




- Original Version:
http://www.tripbit.org


8. FEEDBACK
======================================================================================


Please send suggestions, updates, and comments to:


Tripbit Security Advisory
http://www.tripbit.org
rushjo@...pbit.org
posidron@...pbit.org
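
Added example, not part of the Tripbit advisory and not iWeb Server code: a Python request-path check that refuses the request quoted in section 2 by decoding first, treating "\" and "/" as the same separator, and only then checking for parent-directory segments and containment in the document root. The names DOCROOT, resolve_request_path and check_samples are assumptions made for this illustration.

```python
import posixpath
from urllib.parse import unquote

DOCROOT = "/srv/www"  # assumed document root, constructed for this example


def resolve_request_path(raw_path, docroot=DOCROOT):
    """Return the file path under docroot for a request path, or None to refuse."""
    decoded = unquote(raw_path)
    # Refuse double-encoded input (%255c) and NUL bytes instead of guessing intent.
    if unquote(decoded) != decoded or "\x00" in decoded:
        return None
    # Windows accepts both "\" and "/" as separators, so unify before splitting.
    parts = [p for p in decoded.replace("\\", "/").split("/") if p not in ("", ".")]
    # ".." climbs out of the root; ":" covers drive letters and NTFS stream names.
    if any(p == ".." or ":" in p for p in parts):
        return None
    root = posixpath.normpath(docroot)
    candidate = posixpath.normpath(posixpath.join(root, *parts))
    # Defence in depth: the normalised result must still sit inside the root.
    if candidate != root and not candidate.startswith(root + "/"):
        return None
    return candidate


# Request paths: the first is the one quoted in section 2, the rest are constructed.
SAMPLES = [
    "/%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cwindows\\system.ini",
    "/%255c%252e%252e%255cwindows%255csystem.ini",
    "/docs/./manual.html",
    "/index.html",
]


def check_samples():
    return {s: resolve_request_path(s) for s in SAMPLES}


if __name__ == "__main__":
    for request, result in check_samples().items():
        print(f"{request!r:70} -> {result or 'REFUSED'}")
```

A filter that looks for "../" in the raw request line never sees the encoded backslash form, which is why the decode and separator unification come before the segment check.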






