RapidCache Server Arbitrary File Access

2004-01-15T06:09:52
ID OSVDB:3554
Type osvdb
Reporter OSVDB
Modified 2004-01-15T06:09:52

Description

Vulnerability Description

RapidCache contains a flaw that allows a remote attacker to read arbitrary files outside of the web path. The server does not properly sanitize user input, specifically directory traversal sequences (../../) supplied in the request URI.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Manual Testing Notes

http://[victim]:8080/../../../../../../../../windows/win.ini
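With no fix listed, requests of the shape shown above can at least be spotted in access logs. The following is an added example, not part of the OSVDB record or any vendor code: it flags logged request targets whose path climbs above the document root, and goes beyond the literal ../ form on this page to cover percent-encoded and backslash spellings of the same sequence. The Common Log Format lines, client addresses and function names are constructed assumptions, not RapidCache output.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed sample lines in Common Log Format (assumed; not RapidCache output).
SAMPLE_LOG = [
    '192.0.2.10 - - [15/Jan/2004:06:01:00 +0000] "GET /index.html HTTP/1.0" 200 512',
    '192.0.2.44 - - [15/Jan/2004:06:02:10 +0000] "GET /../../../../windows/win.ini HTTP/1.0" 200 477',
    '192.0.2.44 - - [15/Jan/2004:06:02:15 +0000] "GET /img/%2e%2e/%2e%2e/boot.ini HTTP/1.0" 404 0',
    '192.0.2.77 - - [15/Jan/2004:06:03:00 +0000] "GET /docs/../index.html HTTP/1.0" 200 512',
    '192.0.2.91 - - [15/Jan/2004:06:04:00 +0000] "GET /a/..%5c..%5c..%5cwindows%5cwin.ini HTTP/1.0" 200 477',
]

REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')


def escapes_root(target: str) -> bool:
    """Return True if the request path climbs above the document root."""
    path = urlsplit(target).path
    # Decode repeatedly so double-encoded sequences (%252e) are also unfolded.
    for _ in range(3):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    path = path.replace("\\", "/")  # Windows servers accept either separator
    depth = 0
    for segment in path.split("/"):
        if segment in ("", "."):
            continue
        if segment == "..":
            depth -= 1
            if depth < 0:  # more ".." than directories entered so far
                return True
        else:
            depth += 1
    return False


def flag_requests(lines):
    """Return (client, target) for every logged request that escapes the root."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if match and escapes_root(match.group(1)):
            hits.append((line.split()[0], match.group(1)))
    return hits


if __name__ == "__main__":
    for client, target in flag_requests(SAMPLE_LOG):
        print(client, target)
```

Tracking depth rather than matching the string "../" keeps in-root references such as /docs/../index.html from being flagged.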

References:

Vendor URL: http://www.vicomsoft.com/rapidcache/rapidcache.main.html
Secunia Advisory ID: 10650
Related OSVDB ID: 3553
Other Advisory URL: http://www.elitehaven.net/rapidcache.txt
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-01/0116.html
Keyword: Directory Traversal
ISS X-Force ID: 14839
Bugtraq ID: 9428