Press CTRL-D to bookmark us
Welcome Guest Login / Register / Members
Search in  
Top Submit newsSubscribe
Communication | Computer Crime | Digital Audio, Video, Photo | General News | Hardware | Internet | Mobile | PDA | Security | Software | Vulnerability |
Previous articleBack to news listNext article
 

 Sponsored links

Want to become one of our authors and see your work published on ALLSeek.iNFO ?
 
 Apache for Cygwin '..%5C' Input Validation Flaw Discloses Files to Remote Users
Categorie: Vulnerability
Posted: 2004-02-24 by ReCall
Views: 391
Source: Click here
 		Current Rating: Not rated
Poor Best
 Details
Description: STG Security reported a vulnerability in Apache for the cygwin environment. A remote user can traverse the directory to view files on the target system.

It is reported that a remote user can supply the following type of URL to view files on the target system:

http://[server]/..%5C..%5C..%5C..%5C..%5C..%5C/boot.ini

Th e vendor was reportedly notified on January 15, 2004.

Jeremy Bae is credited with discovering the flaw.

Impact: A remote user can view files on the system.

Solution: A patch for Apache 1.3.29 is available at:



http://nagoya.apache.org/bugzilla/showattachment.cgi?attach_id=10222

No solution was available at the time of this entry for Apache version 2.
 
Syndication
Permalink Email this

The URI to TrackBack this entry is:
http://allseek.info/news/trackback.php?id=738

User comments (post your comments here)

Only registerd members can post comments and articles
 
Previous articleBack to news listNext article
 


InterJOB.su
Bookmark us | Set As Homepage | Advertising | Contact Us | Recomend us | Link us | Links | Terms

SpyLOG Page Rank Checker
LAST QUERIES