ID: OSVDB:10442
Type: osvdb
Reporter: nekd0 (nekd0@rambler.ru)
Modified: 2004-09-26T09:42:01
Description
Vulnerability Description
MyWebServer contains a flaw that may lead to unauthorized information disclosure. The issue is triggered when the "ServerProperties.html" admin page is accessed and an FTP account is created with an arbitrary path, which discloses arbitrary files on the target server, resulting in a loss of confidentiality.
Solution Description
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.
Short Description
MyWebServer contains a flaw that may lead to unauthorized information disclosure. The issue is triggered when the "ServerProperties.html" admin page is accessed and an FTP account is created with an arbitrary path, which discloses arbitrary files on the target server, resulting in a loss of confidentiality.
Manual Testing Notes
The administrative panel allows unauthenticated access. See "http://[target]/admin/ServerProperties.html"
References:
Vendor URL: http://www.mywebserver.org
Security Tracker: 1011461
Related OSVDB ID: 10441
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-09/0410.html
ISS X-Force ID: 17520
CVE-2004-1557
Bugtraq ID: 11254
Title: MyWebServer ServerProperties.html Arbitrary File Access
Affected Software: MyWebServer 1.0.3
CVSS Score: 6.4 (AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE)
Published: 2004-09-26T09:42:01
Source: https://vulners.com/osvdb/OSVDB:10442