Falcon Web Server Arbitrary File Access

1999-10-24T00:00:00
ID OSVDB:1127
Type osvdb
Reporter Andrew Reiter (areiter@bos.bindview.com)
Modified 1999-10-24T00:00:00

Description

Vulnerability Description

Falcon Web Server contains a flaw that allows a remote attacker to access arbitrary files outside of the web path. The server does not properly sanitize user input, specifically directory traversal sequences (../../) supplied via the URI.
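
The class of flaw described above, shown as an added example (not Falcon Web Server's code): a request path appended to the document root unchecked, beside a mapping that decodes the path, rejects ".." segments and confirms the result stays under the root. WEB_ROOT, the function names and the sample URIs are constructed for illustration.

```python
import posixpath
from urllib.parse import unquote, urlsplit

WEB_ROOT = "/srv/www"  # hypothetical document root (assumption)


def naive_map(uri):
    """Vulnerable pattern: the request path is appended to the root unchecked."""
    return posixpath.normpath(WEB_ROOT + urlsplit(uri).path)


def safe_map(uri):
    """Return the path under WEB_ROOT for this URI, or None if it must be refused."""
    # Decode exactly once, before any check, so %2e%2e is seen as "..".
    path = unquote(urlsplit(uri).path)
    if "\x00" in path:
        return None
    # Windows-hosted servers accept backslash as a separator; normalise it.
    path = path.replace("\\", "/")
    # Refuse any parent-directory segment rather than trying to strip it.
    if ".." in path.split("/"):
        return None
    candidate = posixpath.normpath(posixpath.join(WEB_ROOT, path.lstrip("/")))
    # Final containment check on the normalised result.
    if candidate != WEB_ROOT and not candidate.startswith(WEB_ROOT + "/"):
        return None
    return candidate


if __name__ == "__main__":
    # Constructed sample requests.
    for uri in ["/docs/index.html?x=1",
                "/../private/keys.txt",
                "/%2e%2e/private/keys.txt",
                "/..\\private\\keys.txt"]:
        print(f"{uri!r:32} naive={naive_map(uri)!r:28} safe={safe_map(uri)!r}")
```

This is a string-level check only; a server that follows symbolic links also needs to compare the resolved filesystem path against the root.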

Solution Description

Upgrade to version 1.0.0.1008 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://www.blueface.com/products.html#fws
Other Advisory URL: http://razor.bindview.com/publish/advisories/adv_falcon.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/1999-q3/1399.html
Keyword: Directory Traversal
ISS X-Force ID: 3386
CVE-1999-0881
Bugtraq ID: 743