SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
SecurityTracker
Archives
Category:  Application (Web Server/CGI)  >  iWeb Server
Vendors:  Ashley Brown
iWeb Server Lets Remote Users View Files on the System
SecurityTracker Alert ID:  1007044
CVE Reference:  GENERIC-MAP-NOMATCH
Date:  Jun 24 2003
Impact:  Disclosure of system information, Disclosure of user information
Exploit Included:  Yes   Vendor Confirmed:  Yes  
Advisory:  Tripbit Security Research Group
Version(s): 2
Description:  An input validation vulnerability was reported in the iWeb Server. A remote user can traverse directories and view files on the system.

Tripbit Security reported that a remote user can supply a specially crafted URL that contains encoded directory traversal characters to view arbitrary files and directories on the system with the privileges of the web server process.

A demonstration exploit URL is provided:

http://[target]/%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cwindows\system.ini

posidron is credited with discovery.

The vendor has reportedly been notified.

Impact:  A remote user can view files and directories on the system that are located outside of the web document directory. Files can be viewed with the privileges of the web server.
Solution:  No solution was available at the time of this entry.

[Editor's note: The report states that the vendor believes this flaw to be an old vulnerability. A similar directory traversal flaw was reported in April 2003 regarding URLs that contain unencoded directory traversal characters ('../') that was reportedly corrected on April 15, 2003. Because the vendor does not publish distinct version numbers on their web site, it is difficult to determine if the April 15th fix corrects the encoded directory traversal flaw -- Tripbit maintains that it does not. We have asked for clarification and will update this alert accordingly.]
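As an added example (not part of the SecurityTracker alert or of Tripbit's advisory), the Python below contrasts a filter that only rejects unencoded traversal sequences in the raw request, the kind of check the encoded URL above slips past, with a resolver that decodes first, treats backslashes as separators, collapses the path, and refuses anything that climbs above the document root. The document root and the ordinary request samples are constructed; only the traversal URL comes from the page.

```python
from urllib.parse import unquote
from pathlib import PurePosixPath

# Constructed document root; the real server's root is not given on the page.
DOC_ROOT = "/srv/iweb/htdocs"

def naive_is_safe(raw_path: str) -> bool:
    """Filter that rejects only unencoded traversal sequences in the raw request.
    It never decodes, so '%5c%2e%2e%5c' (an encoded '\\..\\') passes untouched."""
    return "../" not in raw_path and "..\\" not in raw_path

def resolve_request(raw_path: str, doc_root: str = DOC_ROOT):
    """Map a request path to a file under doc_root, or return None to refuse it.

    Order matters: decode first, then normalise separators, then collapse the
    path lexically, and only then decide whether it stayed inside the root.
    """
    decoded = unquote(raw_path)
    if "%" in decoded:
        # A '%' surviving one decode pass means a double-encoded sequence.
        # Refuse it rather than decoding in a loop (a design choice here).
        return None
    # On Windows both separators reach the filesystem, so treat '\\' as '/'.
    decoded = decoded.replace("\\", "/")
    parts = []
    for segment in decoded.split("/"):
        if segment in ("", "."):
            continue            # empty (leading or doubled '/') or current dir
        if segment == "..":
            if not parts:
                return None     # would climb above doc_root: refuse
            parts.pop()
        else:
            parts.append(segment)
    return str(PurePosixPath(doc_root, *parts))

# The advisory's demonstration URL path, plus two constructed ordinary requests.
ENCODED_TRAVERSAL = r"/%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cwindows\system.ini"
PLAIN_TRAVERSAL = "/../../../../windows/system.ini"
NORMAL_REQUEST = "/docs/../index.html"

if __name__ == "__main__":
    for path in (ENCODED_TRAVERSAL, PLAIN_TRAVERSAL, NORMAL_REQUEST):
        print(f"{path}\n  naive filter allows: {naive_is_safe(path)}"
              f"\n  resolver returns:    {resolve_request(path)}")
```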

Vendor URL:  www.ashleybrown.co.uk/iweb/
Cause:  Input validation error
Underlying OS:  Windows (Any)
Reported By:  "Rushjo@tripbit.org" <rushjo@tripbit.org>
Message History:   None.


Source Message Contents

Date:  Mon, 23 Jun 2003 20:43:08 +0200
From:  "Rushjo@tripbit.org" <rushjo@tripbit.org>
Subject:  TA-2003-06 Directory Traversal Vulnerability in iWeb Server 2

TA-2003-06 Directory Traversal Vulnerability in iWeb Server 2
contributed by: rushjo
======================================================================================


Tripbit Security Advisory

TA-2003-06 Directory Traversal Vulnerability in iWeb Server 2
======================================================================================

PROGRAM: iWeb Server 2
HOMEPAGE: http://www.ashleybrown.co.uk/iweb/
VULNERABLE VERSIONS: 2
RISK: High/Medium
IMPACT: Directory Traversal Vulnerability
RELEASE DATE: 2003-06


======================================================================================
TABLE OF CONTENTS
====================================================================================== 
1..........................................................DESCRIPTION
2..............................................................DETAILS
3............................................................SOLUTIONS
4........................................................VENDOR STATUS
5..............................................................CREDITS
6...........................................................DISCLAIMER
7...........................................................REFERENCES
8.............................................................FEEDBACK


1. DESCRIPTION
====================================================================================== 

"The iWeb Mini Web Server is a mini web server designed for use on
Intranets and for testing websites in a realistic environment."

(This description is taken from the website of Ashley Brown)


2. DETAILS
====================================================================================== 

¤ Directory Traversal Vulnerability:

There is another Directory Traversal Vulnerability in iWeb Server
which allows remote attackers to see the content of the requested file.


for example:

	  http://host/%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cwindows\system.ini



3. SOLUTIONS
====================================================================================== 

No solution for the moment.



4. VENDOR STATUS
====================================================================================== 

The vendor has reportedly been notified. But the vendor told us that it is an
old bug. We don't think so.



5. CREDITS
====================================================================================== 

Discovered by posidron



6. DISCLAIMER
====================================================================================== 

The information within this paper may change without notice. Use of
this information constitutes acceptance for use in an AS IS condition.
There are NO warranties with regard to this information. In no event
shall the author be liable for any damages whatsoever arising out of
or in connection with the use or spread of this information. Any use
of this information is at the user's own risk.



7. REFERENCES
====================================================================================== 

- Original Version:
http://www.tripbit.org


8. FEEDBACK
======================================================================================

Please send suggestions, updates, and comments to:


Tripbit Security Advisory
http://www.tripbit.org
rushjo@tripbit.org
posidron@tripbit.org

Copyright 2002, SecurityGlobal.net LLC