Previous articleBack to news listNext article
|
Sponsored links |
Want to become one of our authors and see your work published on ALLSeek.iNFO ?
|
| RaidenHTTPD Discloses PHP Source Code and Lets Remote Users Execute Arbitrary Code |
|---|
Categorie: Vulnerability
Posted: 2005-03-03 by ReCall
Views: 390
Source: Click here
| Current Rating: Not rated
|
|
| Details |
|---|
Description: Tan Chew Keong of SIG^2 reported two vulnerabilities in RaidenHTTPD. A remote user can view the source code of PHP scripts on the target system. A remote user may also be able to execute arbitrary code on the target system.
A remote user can request a specially crafted URL to obtain the source code of PHP scripts on the server.
A remote user can submit a specially crafted HTTP request with a URL that is longer than 524 characters to trigger a buffer overflow and execute arbitrary code. The code will run with Local System privileges.
The vendor was notified on February 22, 2005.
The original advisory is available at:
http://www.security.org.sg/vuln/raidenhttpd1132.html credit:Tan Chew Keong of SIG^2 reported this vulnerability.
Impact: A remote user can view the source code of PHP scripts on the target system.
A remote user may be able to execute arbitrary code on the target system with Local System privileges.
Solution: The vendor has released a fixed version (1.1.34).
|
| Syndication |
|---|
Permalink Email this
The URI to TrackBack this entry is:
http://allseek.info/news/trackback.php?id=1400
|
| User comments (post your comments ) |
|---|
Only registerd members can post comments and articles
|
|
Previous articleBack to news listNext article
|
