Previous articleBack to news listNext article
|
Sponsored links |
Want to become one of our authors and see your work published on ALLSeek.iNFO ?
|
| LiteServe Web Server Input Validation Flaw in Processing CGI Filenames May Disclose CGI Source Code to Remote Users |
|---|
Categorie: Vulnerability
Posted: 2002-11-18 by ReCall
Views: 355
Source: Click here
| Current Rating: Not rated
|
|
| Details |
|---|
Description: An input validation vulnerability was reported in the LiteServe web server. A remote user may view the code of certain CGI scripts.
It is reported that a remote user can submit a request for a CGI script with a dot "." character (0x2E) appended to the end of the CGI script file name to view the contents of the CGI script. This is reportedly due to the way in which Microsoft Windows-based operating systems may ignore a trailing dot character on a file name.
A demonstration exploit script is available in the Source Message.
Impact: A remote user can view CGI source code on the server.
Solution: No solution was available at the time of this entry. The vendor reportedly plans to issue a fixed
version (2.03), to be available at:
http://www.cmfperception.com/liteserve.html
|
| Syndication |
|---|
Permalink Email this
The URI to TrackBack this entry is:
http://allseek.info/news/trackback.php?id=327
|
| User comments (post your comments ) |
|---|
Only registerd members can post comments and articles
|
|
Previous articleBack to news listNext article
|
