BadBlue Web Server May Disclose Password-Protected Files to Remote Users
|
|
SecurityTracker Alert ID: 1005478 |
|
CVE Reference: GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Oct 24 2002
|
Impact: Disclosure of user information
|
Exploit Included: Yes
|
Advisory: SecurityOffice.net
|
Version(s): 1.7
|
Description: An access control vulnerability was reported in the BadBlue Web Server. A remote user can obtain certain password-protected without having to authenticate.
SecurityOffice.net reported that a remote user can supply a web request to access the contents of ostensibly protected files or folders
on the server. According to the report, only files in sub-folders of the web document root directory can be accessed via this exploit.
A
demonstration exploit URL is provided:
http://host//secret/
|
Impact: A remote user can access certain password-protected files on the web server.
|
Solution: No solution was available at the time of this entry.
|
Vendor URL: www.badblue.com/ (Links to External Site)
|
Cause: Access control error
|
Underlying OS: Windows (Any)
|
Reported By: Tamer Sahin <ts@securityoffice.net>
|
Message History:
None.
|
Source Message Contents
|
Date: Thu, 24 Oct 2002 21:46:29 +0300
From: Tamer Sahin <ts@securityoffice.net>
Subject: [Full-Disclosure] [SecurityOffice] BadBlue Web Server v1.7 Protected File Access Vulnerability
|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: MD5
- --[ BadBlue Web Server v1.7 Protected File Access Vulnerability ]--
- --[ Type
File Disclosure
- --[ Release Date
October 24, 2002
- --[ Product / Vendor
BadBlue is a very small footprint, Win32 web server that supports a suprisingly large
array of features: NT-based security; application-serving via ISAPI, CGI, PHP, Perl etc.;
CLF logging; virtual directories; directory browsing; service installation; etc.
http://www.badblue.com
- --[ Summary
It is possible to construct a web request which is capable of accessing the contents
of password protected files/folders on the BadBlue Web Server v1.7. This vulnerability
may only be exploited to access password-protected files in sub-folders of wwwroot.
http://host//secret/
- --[ Tested
Windows 2000 Sp3 / BadBlue Web Server v1.7
Windows 98 SE / BadBlue Web Server v1.7
- --[ Vulnerable
BadBlue Web Server v1.7
- --[ Disclaimer
http://www.securityoffice.net is not responsible for the misuse or illegal use of any
of the information and/or the software listed on this security advisory.
- --[ Author
Tamer Sahin
ts@securityoffice.net
http://www.securityoffice.net
All our advisories can be viewed at http://www.securityoffice.net/articles/
Please send suggestions, updates, and comments to feedback@securityoffice.net
(c) 2002 SecurityOffice
This Security Advisory may be reproduced and distributed, provided that this Security
Advisory is not modified in any way and is attributed to SecurityOffice and provided
that such reproduction and distribution is performed for non-commercial purposes.
Tamer Sahin
http://www.securityoffice.net
-----BEGIN PGP SIGNATURE-----
Version: 2.6
iQEVAwUAPbhABvpL5ibJRTtBAQFjVgf/f3svcG2G/SuNYNh6vnIpalyudbTuNtOS
KaUFeCne57+m24zvsd7tHj1HLf3hb3m+ner1yiFygZ1oIHke5aWmAdStWjEjBtXL
3O1zrAM5NS6PZBC2XjAXnsfm/uqGcHOsDsqtLgJj2Y3tUOfPe4E07I0/AYOsYtZ3
0FKwWsYSH5Hj5hNlLUZmmBykJO23hfol5LOjLcG1lmopYhKvVwHiLFmzgqGDwBQY
d7ba0A5jHTSfvDXUqNWIo4vpx2E4l2LgQZcGRT0gxT5gyDntgvMBZhpiTb2gyxhU
he4SyaVOlvS8jPdfrnm/iGukMx6k/hfAKcRJ7yekjbnf1eb5ec99FQ==
=9kuq
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
|
|
