AnalogX SimpleServer:WWW Encoded Traversal Read Arbitrary File

2000-07-26T00:00:00
ID OSVDB:388
Type osvdb
Reporter OSVDB
Modified 2000-07-26T00:00:00

Description

Vulnerability Description

AnalogX SimpleServer:WWW contains a flaw that allows a remote attacker to read arbitrary files. The server does not sanitize the request URI before mapping it to a file on disk, so directory traversal sequences are honoured, including ones whose dots are URL-encoded (%2E%2E/), a form that defeats filters which look only for a literal "..". By using %2E encoding, "../../" traversal, or a combination of the two, the remote attacker can retrieve files outside of the web root.

Solution Description

Upgrade to version 1.07 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

AnalogX SimpleServer:WWW allows a remote attacker to read arbitrary files outside the web root via URL-encoded (%2E%2E/) or plain "../" directory traversal sequences in the request URI.

Manual Testing Notes

http://www.victim.com/%2E%2E/file.dat

http://www.victim.com/%2E%2E/%2E%2E/windows/user.dat
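The two request URIs above are the attack; what follows is an added example, written for this page and not code from OSVDB, Foundstone or AnalogX, that models the flaw class and its fix side by side. It is not the SimpleServer:WWW source. The vulnerable resolver checks for ".." on the raw URI and percent-decodes afterwards, so the encoded form slips through; the hardened resolver decodes first, normalises, and then verifies the result is still under the document root. The web root (/var/www/htdocs) and the POSIX-style path handling are assumptions made so the example runs the same way on any host; the original target is a Windows server, which is why the hardened version also folds backslashes.

```python
import posixpath
from urllib.parse import unquote

# Assumed document root for the example (constructed, not a real deployment).
WEB_ROOT = "/var/www/htdocs"


def vulnerable_resolve(uri_path, web_root=WEB_ROOT):
    """Model of the flaw class described in the advisory.

    The traversal check runs on the raw URI *before* percent-decoding,
    so "%2E%2E/" is not seen as "../", is decoded afterwards, and is
    then joined to the root and normalised out of it.
    """
    if ".." in uri_path:
        return None  # only the literal form is rejected
    decoded = unquote(uri_path)
    return posixpath.normpath(web_root + "/" + decoded.lstrip("/"))


def _fully_decode(s):
    """Decode until the string stops changing, so double-encoding
    (%252E -> %2E -> .) cannot be used to stage a later traversal."""
    while True:
        again = unquote(s)
        if again == s:
            return s
        s = again


def hardened_resolve(uri_path, web_root=WEB_ROOT):
    """Decode first, normalise, then confine the result to the web root."""
    decoded = _fully_decode(uri_path)
    if "\x00" in decoded:
        return None  # NUL would truncate the path in a C runtime
    decoded = decoded.replace("\\", "/")  # Windows hosts also honour "..\"
    root = posixpath.normpath(web_root)
    candidate = posixpath.normpath(posixpath.join(root, decoded.lstrip("/")))
    # The only acceptable outcomes are the root itself or a path strictly below it.
    if candidate != root and not candidate.startswith(root + "/"):
        return None
    return candidate


# Constructed probe set: the two URIs from the testing notes plus the
# plain, double-encoded and backslash variants a tester would also try.
PROBES = [
    "/%2E%2E/file.dat",
    "/%2E%2E/%2E%2E/windows/user.dat",
    "/../../windows/user.dat",
    "/%252E%252E/file.dat",
    "/..%5Cfile.dat",
    "/index.html",
]


def compare(paths=PROBES):
    """Return {uri: (vulnerable_result, hardened_result)} for each probe."""
    return {p: (vulnerable_resolve(p), hardened_resolve(p)) for p in paths}


if __name__ == "__main__":
    for uri, (vuln, hard) in compare().items():
        print(f"{uri:36} vulnerable -> {vuln!s:32} hardened -> {hard}")
```

Run it and the encoded probes resolve to /var/www/file.dat and /var/windows/user.dat under the vulnerable resolver while the hardened one returns None for every traversal attempt and still serves /index.html. The decisive difference is ordering: any check performed on the URI before it is decoded and normalised can be bypassed by a different spelling of the same path, so the containment test must be the last step, run on the final filesystem path.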

References:

Vendor URL: http://www.analogx.com/contents/download/network/sswww.htm
Other Advisory URL: http://www.attrition.org/security/advisory/foundstone/fs-072600-8-ana
Nessus Plugin ID: 10489
ISS X-Force ID: 4999
CVE: CVE-2000-0664
Bugtraq ID: 1508