webfs Arbitrary File and Directory Access

2003-09-30T07:58:41
ID OSVDB:2619
Type osvdb
Reporter OSVDB
Modified 2003-09-30T07:58:41

Description

Vulnerability Description

webfs contains a flaw that allows a remote attacker to access arbitrary files outside of the web path. The issue is due to the software not properly sanitizing user input, specifically traversal-style sequences (../../) supplied via the "hostname" variable(s).
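The kind of check whose absence the description points to, as an added example (not webfs code and not the vendor's fix). It assumes the hostname value ends up as one path component under a document root; `hostname_is_safe`, `build_vhost_path` and the `/srv/www` root are hypothetical names, and the sample inputs are constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Returns 1 if `host` may be used as a single path component: only letters,
 * digits, '-' and '.', with no empty labels. This rejects "..", a leading or
 * trailing '.', '/' and '\\'. Any ":port" suffix is assumed to be stripped
 * by the caller beforehand. */
int hostname_is_safe(const char *host)
{
    size_t len = strlen(host);
    if (len == 0 || len > 253)
        return 0;
    if (host[0] == '.' || host[len - 1] == '.')
        return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)host[i];
        if (c == '.') {
            if (host[i + 1] == '.')      /* empty label, i.e. ".." */
                return 0;
        } else if (!isalnum(c) && c != '-') {
            return 0;                    /* '/', '\\', '%', control bytes, ... */
        }
    }
    return 1;
}

/* Writes "<docroot>/<host>" into out. Returns 0 on success, -1 when the
 * hostname is rejected or the result would not fit in the buffer. */
int build_vhost_path(char *out, size_t outlen, const char *docroot, const char *host)
{
    if (!hostname_is_safe(host))
        return -1;
    int n = snprintf(out, outlen, "%s/%s", docroot, host);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    /* Constructed sample values, not taken from the advisory. */
    const char *samples[] = { "www.example.com", "../../etc", "a..b", "host/../x", "" };
    char path[512];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        if (build_vhost_path(path, sizeof path, "/srv/www", samples[i]) == 0)
            printf("accept %s -> %s\n", samples[i], path);
        else
            printf("reject \"%s\"\n", samples[i]);
    }
    return 0;
}
```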

Solution Description

Upgrade to version 1.20 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://bytesex.org/webfs.html
Vendor Specific Advisory URL
Secunia Advisory ID: 9879
Related OSVDB ID: 3996
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2003-09/0518.html
Keyword: Directory Traversal
ISS X-Force ID: 13309
CVE-2003-0832
Bugtraq ID: 8724