AN HTTPD Crafted Filename Request Script Source Disclosure

2006-04-03T07:47:35
ID OSVDB:24323
Type osvdb
Reporter Tan Chew Keong (vuln@secunia.com)
Modified 2006-04-03T07:47:35

Description

Vulnerability Description

AN HTTPD contains a flaw that may lead to unauthorized information disclosure. The issue is triggered when a remote attacker appends additional characters to the filename in a request, which discloses the software's installation path, resulting in a loss of confidentiality.

Solution Description

Upgrade to version 1.42p or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://www.st.rim.or.jp/~nakata/
Security Tracker: 1015858
Secunia Advisory ID: 19326
Other Advisory URL: http://secunia.com/secunia_research/2006-21/advisory/
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-04/0043.html
FrSIRT Advisory: ADV-2006-1200
CVE-2006-1598
Bugtraq ID: 17350