AppWeb Crafted URL Scripting Code Disclosure

2004-07-01T22:06:33
ID OSVDB:7390
Type osvdb
Reporter OSVDB
Modified 2004-07-01T22:06:33

Description

Vulnerability Description

Mbedthis's AppWeb on the Windows platform contains a flaw related to URLs that have a trailing "." or " " appended. The bug affects only handlers that match by extension; with URL prefix matching, the bug does not appear. This flaw may allow an attacker to cause a script to be output as text on the screen, disclosing the contents of the script to the attacker.
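The mismatch described above, shown as an added illustration that is not AppWeb source code and not part of the original advisory: an extension check on the raw URL path misses names with a trailing "." or " ", while the Win32 file APIs drop those characters and open the same file. The function names and the ".php" sample extension are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Illustration only: hypothetical routing helpers, not AppWeb source. */

/* Naive match: the script handler fires only if the raw path ends in ext. */
static int matches_ext_naive(const char *path, const char *ext) {
    size_t n = strlen(path), e = strlen(ext);
    return n >= e && strcmp(path + n - e, ext) == 0;
}

/* Length of path once trailing '.' and ' ' are dropped, mirroring how the
 * Win32 file APIs normalize the final component of a name before opening it. */
static size_t win32_trimmed_len(const char *path) {
    size_t n = strlen(path);
    while (n > 0 && (path[n - 1] == '.' || path[n - 1] == ' '))
        n--;
    return n;
}

/* Hardened match: decide on the same name the filesystem will resolve. */
static int matches_ext_hardened(const char *path, const char *ext) {
    size_t n = win32_trimmed_len(path), e = strlen(ext);
    return n >= e && strncmp(path + n - e, ext, e) == 0;
}

/* 1 when the raw path differs from the name the filesystem opens; a server
 * can refuse such requests before any handler is selected. */
static int has_ambiguous_tail(const char *path) {
    return win32_trimmed_len(path) != strlen(path);
}

int main(void) {
    /* Constructed sample paths, already URL-decoded. */
    const char *samples[] = { "/app/login.php", "/app/login.php.",
                              "/app/login.php " };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("[%s] naive=%d hardened=%d ambiguous=%d\n", samples[i],
               matches_ext_naive(samples[i], ".php"),
               matches_ext_hardened(samples[i], ".php"),
               has_ambiguous_tail(samples[i]));
    return 0;
}
```

When the naive check returns 0 for a path the filesystem still resolves to the script, the request falls through to whatever handler serves files as-is, which is the disclosure the advisory describes.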

Solution Description

Upgrade to version 1.0.4, 1.1.3, or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://www.mbedthis.com/
Vendor Specific Advisory URL
Secunia Advisory ID: 12011
CVE-2004-2213
Bugtraq ID: 10673