Herberlin BremsServer Directory Traversal

2004-01-26T08:21:26
ID OSVDB:3755
Type osvdb
Reporter OSVDB
Modified 2004-01-26T08:21:26

Description

Vulnerability Description

BremsServer contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered by a failure to validate URLs that contain directory traversal characters, which will disclose arbitrary server file information resulting in a loss of confidentiality.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Manual Testing Notes

http://[host]/../PATH/windows/system.ini
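
A defensive check for the request pattern in the testing note, as an added example that is not code from BremsServer or from the advisory. The document root `C:\www\htdocs`, the name `resolve_request` and the decode cap are assumptions; the check goes beyond the advisory's plain `../` case to cover percent-encoded, backslash and drive-letter forms of the same escape.

```python
import ntpath
from urllib.parse import unquote

DOC_ROOT = r"C:\www\htdocs"   # assumed document root, not taken from the advisory
MAX_DECODE_PASSES = 3         # assumed cap on nested percent-encoding

def resolve_request(url_path, doc_root=DOC_ROOT):
    """Return the file path a request maps to, or None if it leaves doc_root."""
    path = url_path.partition("?")[0]          # drop any query string
    # Conservative choice: decode until stable so %2e%2e and %252e%252e
    # are both seen as "..". Input still changing after the cap is refused.
    for _ in range(MAX_DECODE_PASSES):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    else:
        return None
    if "\x00" in path:                         # NUL can truncate names in native APIs
        return None
    root = ntpath.normpath(doc_root)
    # ntpath treats "/" and "\" as separators and collapses ".." segments,
    # so the check runs on the path the filesystem would actually open.
    candidate = ntpath.normpath(ntpath.join(root, path.lstrip("/\\")))
    try:
        common = ntpath.commonpath(
            [ntpath.normcase(root), ntpath.normcase(candidate)])
    except ValueError:                         # e.g. candidate on another drive
        return None
    return candidate if common == ntpath.normcase(root) else None

if __name__ == "__main__":
    # Constructed sample requests; the second is the pattern from the testing note.
    for req in ["/index.html",
                "/../PATH/windows/system.ini",
                "/%2e%2e/PATH/windows/system.ini",
                "/docs/../index.html"]:
        print(f"{req!r:45} -> {resolve_request(req)}")
```

The containment test is applied after normalisation, so a request such as `/docs/../index.html` that stays inside the root is still served.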

References:

Vendor URL: http://www.herberlin.de/
Secunia Advisory ID: 10731
Related OSVDB ID: 3754
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-01/0268.html
ISS X-Force ID: 14954
CVE-2004-2112
Bugtraq ID: 9493