w-Agora HTTP POST Request .htaccess Bypass

2003-12-10T15:51:23
ID OSVDB:11249
Type osvdb
Reporter OSVDB
Modified 2003-12-10T15:51:23

Description

Vulnerability Description

w-Agora contains a flaw that may allow a remote attacker to access normally protected scripts. The issue is due to the default .htaccess file only restricting GET requests. This could allow an attacker to request and interact with scripts using the POST method.

Solution Description

Upgrade to version 4.1.6 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

w-Agora contains a flaw that may allow a remote attacker to access normally protected scripts. The issue is due to the default .htaccess file only restricting GET requests. This could allow an attacker to request and interact with scripts using the POST method.

References:

Vendor URL: http://www.w-agora.net/ Vendor Specific News/Changelog Entry: http://www.w-agora.net/current/doc/ChangeLog