ID OSVDB:16237 Type osvdb Reporter Dr_insane(dr_insane@pathfinder.gr) Modified 2005-05-09T08:37:23
Description
Vulnerability Description
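MyServer contains a flaw that allows a remote attacker to browse directory contents outside of the web path. The issue is due to the server not properly sanitizing user input, specifically traversal-style sequences (../../) supplied via the URI. The CVE-2005-1658 record for this issue attributes it to MyServer 0.8 and describes the triggering sequence as a triple dot ("..."), so request filters or detection rules that match only "../" may not cover this case.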
Solution Description
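As of this entry's last modification (2005-05-09), there were no known upgrades, patches, or workarounds available to correct this issue. The OpenVAS check referenced by this entry gives its solution as "Upgrade to version 0.8.1 when available", so confirm the current fix status with the vendor before relying on either statement.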
Short Description
MyServer contains a flaw that allows a remote attacker to browse directory contents outside of the web path. The issue is due to the server not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the URI.
{"type": "osvdb", "published": "2005-05-09T08:37:23", "href": "https://vulners.com/osvdb/OSVDB:16237", "bulletinFamily": "software", "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/", "score": 5.0}, "viewCount": 0, "edition": 1, "reporter": "Dr_insane(dr_insane@pathfinder.gr)", "title": "MyServer Traversal Arbitrary Directory Listing", "affectedSoftware": [{"operator": "eq", "version": "0.8", "name": "MyServer"}], "enchantments": {"score": {"value": 5.1, "vector": "NONE", "modified": "2017-04-28T13:20:12", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2005-1658"]}, {"type": "nessus", "idList": ["MYSERVER_DIR_LIST_AND_XSS.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:136141256231018218"]}], "modified": "2017-04-28T13:20:12", "rev": 2}, "vulnersScore": 5.1}, "references": [], "id": "OSVDB:16237", "lastseen": "2017-04-28T13:20:12", "cvelist": ["CVE-2005-1658"], "modified": "2005-05-09T08:37:23", "description": "## Vulnerability Description\nMyServer contains a flaw that allows a remote attacker to browse directory contents outside of the web path. The issue is due to the server not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the URI.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nMyServer contains a flaw that allows a remote attacker to browse directory contents outside of the web path. 
The issue is due to the server not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the URI.\n## Manual Testing Notes\nhttp://[victim]/.../.../\n## References:\nVendor URL: http://myserverweb.sourceforge.net/\nVendor URL: http://www.myserverproject.net/\n[Secunia Advisory ID:15274](https://secuniaresearch.flexerasoftware.com/advisories/15274/)\n[Related OSVDB ID: 16238](https://vulners.com/osvdb/OSVDB:16238)\n[CVE-2005-1658](https://vulners.com/cve/CVE-2005-1658)\n"}
{"cve": [{"lastseen": "2020-10-03T11:34:54", "description": "Directory traversal vulnerability in filemanager.cpp in MyServer 0.8 allows remote attackers to list the parent directory of the web root via a URL with a \"...\" (triple dot).", "edition": 3, "cvss3": {}, "published": "2005-05-18T04:00:00", "title": "CVE-2005-1658", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-1658"], "modified": "2008-09-05T20:49:00", "cpe": ["cpe:/a:myserver:myserver:0.8"], "id": "CVE-2005-1658", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-1658", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:myserver:myserver:0.8:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2020-05-08T16:40:12", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-1658", "CVE-2005-1659"], "description": "The remote host is running myServer, an open-source http server.\n This version is vulnerable to a directory listing flaw and XSS.\n\n An attacker can execute a cross site scripting attack,\n or gain knowledge of certain system information of the\n server.", "modified": "2020-05-06T00:00:00", "published": "2005-11-03T00:00:00", "id": "OPENVAS:136141256231018218", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231018218", "type": "openvas", "title": "myServer Directory Listing and XSS flaws", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# myServer Directory 
Listing and XSS flaws\n#\n# Authors:\n# David Maciejak <david dot maciejak at kyxar dot fr>\n#\n# Copyright:\n# Copyright (C) 2005 David Maciejak\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\n# Ref: Dr_insane\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.18218\");\n script_version(\"2020-05-06T06:57:16+0000\");\n script_cve_id(\"CVE-2005-1658\", \"CVE-2005-1659\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-05-06 06:57:16 +0000 (Wed, 06 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)\");\n script_bugtraq_id(13579, 13578);\n script_name(\"myServer Directory Listing and XSS flaws\");\n script_category(ACT_ATTACK);\n script_family(\"Web application abuses\");\n script_copyright(\"Copyright (C) 2005 David Maciejak\");\n script_dependencies(\"find_service.nasl\", \"no404.nasl\", \"webmirror.nasl\", \"DDI_Directory_Scanner.nasl\", \"cross_site_scripting.nasl\", \"global_settings.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n\n script_tag(name:\"solution\", value:\"Upgrade to version 0.8.1 when available\");\n\n 
script_tag(name:\"summary\", value:\"The remote host is running myServer, an open-source http server.\n This version is vulnerable to a directory listing flaw and XSS.\n\n An attacker can execute a cross site scripting attack,\n or gain knowledge of certain system information of the\n server.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod\", value:\"50\"); # No extra check, prone to false positives and doesn't match existing qod_types\n\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\n\nport = http_get_port( default:80 );\n\nhost = http_host_name( dont_add_port:TRUE );\nif( http_get_has_generic_xss( port:port, host:host ) ) exit( 0 );\n\nforeach dir( make_list_unique( \"/\", http_cgi_dirs( port:port ) ) ) {\n\n if( dir == \"/\" ) dir = \"\";\n url = dir + \"/\";\n\n buf = http_get_cache( item:url, port:port );\n\n if( \"<title>MyServer</title>\" >< buf ) {\n\n url = string( dir, '/.../.../\"onmouseover=\"<script>foo</script>\"' );\n\n if( http_vuln_check( port:port, url:url, pattern:\"<script>foo</script>\", check_header:TRUE ) ) {\n report = http_report_vuln_url( port:port, url:url );\n security_message( port:port, data:report );\n exit( 0 );\n }\n }\n}\n\nexit( 99 );\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "nessus": [{"lastseen": "2020-06-16T02:58:38", "description": "The remote host is running MyServer, an open source http server.\nThis version is vulnerable to a directory listing flaw and cross-site\nscripting.\n\nAn attacker can execute a cross-site scripting attack, or gain \nknowledge of certain system information of the server.", "edition": 17, "published": "2005-05-10T00:00:00", "title": "MyServer 0.8 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-1658", "CVE-2005-1659"], "modified": "2005-05-10T00:00:00", "cpe": ["cpe:/a:myserver:myserver"], "id": "MYSERVER_DIR_LIST_AND_XSS.NASL", "href": 
"https://www.tenable.com/plugins/nessus/18218", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(18218);\n script_version(\"1.17\");\n\n script_cve_id(\"CVE-2005-1658\", \"CVE-2005-1659\");\n script_bugtraq_id(13579, 13578);\n\n script_name(english:\"MyServer 0.8 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is affected by multiple vulnerabilities.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running MyServer, an open source http server.\nThis version is vulnerable to a directory listing flaw and cross-site\nscripting.\n\nAn attacker can execute a cross-site scripting attack, or gain \nknowledge of certain system information of the server.\" );\n script_set_attribute(attribute:\"solution\", value:\n\"There is no known solution at this time.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:U/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2005/05/10\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2005/05/09\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/12\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"remote\");\nscript_set_attribute(attribute:\"cpe\", value: \"cpe:/a:myserver:myserver\");\nscript_end_attributes();\n\n script_summary(english:\"Determine if MyServer is vulnerable to a XSS flaw\");\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n script_copyright(english:\"This script is Copyright (C) 2005-2020 
Tenable Network Security, Inc.\");\n script_dependencie(\"http_version.nasl\", \"cross_site_scripting.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\n\nport = get_http_port(default:80, embedded:TRUE);\n\nif(!get_port_state(port))exit(0);\nif(get_kb_item(string(\"www/\", port, \"/generic_xss\"))) exit(0);\n\nbuf = http_get_cache_ka(item:\"/\", port:port);\nif( buf == NULL ) exit(0);\n\nforeach d (cgi_dirs())\n{\n if(\"<title>MyServer</title>\" >< buf )\n {\n url = string(d, '/.../.../\"onmouseover=\"<script>foo</script>\"');\n req = http_get(item:url, port:port);\n buf = http_keepalive_send_recv(port:port, data:req, bodyonly:1);\n if ( ! buf ) exit(0);\n if ( \"<script>foo</script>\" >< buf )\n\t{\n\t security_warning(port);\n\t set_kb_item(name: 'www/'+port+'/XSS', value: TRUE);\n\t exit(0);\n\t}\n }\n}\n\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}]}