Apache HTTP Server Win32 Crafted Traversal Arbitrary File Access

2002-08-16T00:00:00
ID OSVDB:859
Type osvdb
Reporter Luigi Auriemma(aluigi@autistici.org)
Modified 2002-08-16T00:00:00

Description

Vulnerability Description

Apache Win32 contains a flaw that allows a remote attacker to access arbitrary files and execute arbitrary binaries outside of the web path. The issue is due to the server not properly sanitizing user input, specifically encoded traversal style attacks (../../) supplied via the URI.

Solution Description

Upgrade to version 2.0.40 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

Apache Win32 contains a flaw that allows a remote attacker to access arbitrary files and execute arbitrary binaries outside of the web path. The issue is due to the server not properly sanitizing user input, specifically encoded traversal style attacks (../../) supplied via the URI.

Manual Testing Notes

View arbitrary file: http://[victim]/error/%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cwinnt%5cwin.ini

Execute arbitrary file: http://[vitim]/cgi-bin/%5c%2e%2e%5cbin%5cwintty.exe?%2dt+HELLO

References:

Vendor URL: http://httpd.apache.org/ Vendor Specific Advisory URL Related OSVDB ID: 4075 Nessus Plugin ID:11092 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2002-08/0146.html Keyword: Directory Traversal ISS X-Force ID: 9808 CVE-2002-0661 CIAC Advisory: m-114 Bugtraq ID: 5434