JVN#16406395: "File Upload BBS" of i-HTTPD vulnerable to remote command execution

ID JVN:16406395
Type jvn
Reporter Japan Vulnerability Notes
Modified 2014-12-09T00:00:00


## Description

i-HTTPD is a web server for Windows, implementing Server Side Includes (SSI). i-HTTPD contains "File Upload BBS". When "File Upload BBS" is activated, a user can upload files on the server, and i-HTTPD processes SSI directives in the uploaded files (CWE-97).

## Impact

An arbitrary command may be executed on the server.

## Solution

Do not use i-HTTPD and "File Upload BBS"
i-HTTPD is no longer being developed or maintained. It is recommended to stop using i-HTTPD and "File Upload BBS".

## Products Affected

  • i-HTTPD