NetServe Web Server Directory Traversal and Admin Password Disclosure

2003-11-18T06:49:53
ID OSVDB:2830
Type osvdb
Reporter OSVDB
Modified 2003-11-18T06:49:53

Description

Vulnerability Description

NetServe Web Server contains a flaw that allows remote attackers to view the contents of any file the web server has access to. The server does not check URL input for "../" directory traversal sequences. Using this traversal, a remote attacker can retrieve the web server configuration file (config.dat), which reveals important server configuration information as well as the administrative password.
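The missing check, sketched as an added example (not NetServe's code and not part of the advisory): resolve the requested path against the document root and refuse anything that lands outside it. The function names and the temporary directory layout are hypothetical, and the sample files are constructed.

```python
# Added example; function names and directory layout are hypothetical.
import os
import tempfile
from urllib.parse import unquote, urlsplit


class TraversalError(Exception):
    """The request path resolves outside the document root."""


def resolve_request_path(docroot, url_path):
    """Resolve url_path under docroot ('..' and symlinks collapsed) or raise."""
    # Decode first so the check sees the same path the filesystem will.
    decoded = unquote(urlsplit(url_path).path)
    if "\x00" in decoded:
        raise TraversalError("NUL byte in path")
    # Windows accepts "\" as a separator, so normalise it before joining.
    relative = decoded.replace("\\", "/").lstrip("/")
    root = os.path.realpath(docroot)
    candidate = os.path.realpath(os.path.join(root, relative))
    try:
        if os.path.commonpath([root, candidate]) == root:
            return candidate
    except ValueError:  # e.g. a different drive letter on Windows
        pass
    raise TraversalError(f"{url_path!r} escapes the document root")


def is_allowed(docroot, url_path):
    try:
        resolve_request_path(docroot, url_path)
        return True
    except TraversalError:
        return False


def build_sample_tree():
    """Constructed layout: <tmp>/config.dat beside <tmp>/wwwroot/index.html."""
    base = os.path.realpath(tempfile.mkdtemp())
    docroot = os.path.join(base, "wwwroot")
    os.mkdir(docroot)
    open(os.path.join(docroot, "index.html"), "w").close()
    open(os.path.join(base, "config.dat"), "w").close()
    return docroot


if __name__ == "__main__":
    root = build_sample_tree()
    for path in ("/index.html", "/../test/", "/../../../../boot.ini", "/../config.dat"):
        print(path, "->", "served" if is_allowed(root, path) else "rejected")
```

The comparison is made on the fully resolved path rather than by searching the URL for "../", so a path such as /sub/../index.html that stays inside the root is still served.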

Solution Description

Upgrade to version 1.08 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Manual Testing Notes

http://[victim]/../test/
http://[victim]/../../../../boot.ini
http://[victim]/../config.dat

References:

Secunia Advisory ID: 10253
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2003-11/0189.html
ISS X-Force ID: 13776
Bugtraq ID: 9059