T. Hauck Jana Server 1.45/1.46 Hex Encoded Directory Traversal Vulnerability

2001-05-07T00:00:00
ID EDB-ID:20829
Type exploitdb
Reporter neme-dhc
Modified 2001-05-07T00:00:00

Description

T. Hauck Jana Server 1.45/1.46 Hex Encoded Directory Traversal Vulnerability. CVE-2001-0557. Remote exploit for windows platform

                                        
                                            source: http://www.securityfocus.com/bid/2703/info

It is possible for a remote user to traverse the directories of a host running Jana Server. Submitting a specially crafted URL using hex encoded 'double dot' sequences will reveal arbitrary directories. In addition to revealing directories, this vulnerability could enable a user to obtain the contents of files readable by the webserver user. 

www.example.com/%2e%2e/%2e%2e/

www.example.com/%2e%2e/%2e%2e/filename