idefense.dinoweb.txt

PACKETSTORM:29741
Author: David Endler
Source: packetstormsecurity.com
Published: 2002-09-24

EPSS: 0.026 (Low), percentile: 90.4%

`-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA1  
  
iDEFENSE Security Advisory 09.23.2002  
Directory Traversal in Dino's WebServer  
  
DESCRIPTION  
  
A vulnerability exists in the latest version of Dino's Webserver that  
can allow an attacker to view and retrieve any file on the system.  
  
The Common Vulnerabilities and Exposures project (cve.mitre.org) has  
assigned the name CAN-2002-1133 to this issue.  
  
ANALYSIS  
  
An attacker can exploit this issue by constructing a URL that causes  
Dino's Webserver to navigate to any desired folder on the same  
logical drive and access the files in it. This is achieved by using  
the URL-encoded character representations of "/" and "\", which  
allows a user to traverse the server to any directory on the same  
logical drive as the web application, e.g.  
http://$host/%2f..%2f..%2f..$directory$file  
  
This issue is similar to CVE-2002-0111, which involved a traditional  
".." directory traversal flaw that was fixed.  
  
  
DETECTION  
  
This vulnerability affects Dino's Webserver version 1.2.  
  
  
VENDOR RESPONSE  
  
The author Anders Jensen, [email protected], stated:  
  
"My webserver will be removed from the downloads that I control, I  
neither have the time nor resources to do anything else at the moment."  
  
The public download site, http://home.no.net/~nextgen/, has been  
replaced with a message reading "Dino's FunSoft is no longer  
available. The software will maybe sometime in the future be available  
on another label, but when and if for sure I really can't tell,  
sorry. Dino_"  
  
Dino's Webserver remains available, however, via many other download  
sites such as download.com.  
  
  
DISCLOSURE TIMELINE  
  
8/10/2002 - Disclosed to iDEFENSE  
9/6/2002 - Disclosed to Vendor, Anders Jensen  
9/6/2002 - Disclosed to iDEFENSE Clients  
9/14/2002 - Vendor Response  
9/23/2002 - Public Disclosure  
  
  
CREDIT  
  
This issue was exclusively disclosed to iDEFENSE by Tamer Sahin  
([email protected]).   
  
  
Get paid for security research:  
http://www.idefense.com/contributor.html  
  
  
David Endler, CISSP  
Director, Technical Intelligence  
iDEFENSE, Inc.  
14151 Newbrook Drive  
Suite 100  
Chantilly, VA 20151  
voice: 703-344-2632  
fax: 703-961-1071  
  
[email protected]  
www.idefense.com  
  
  
-----BEGIN PGP SIGNATURE-----  
Version: PGP 7.1.2  
Comment: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x4B0ACC2A  
  
iQA/AwUBPY98GUrdNYRLCswqEQI72ACg9Wk4Sz3/UMw48BBuexmMeYDbO7kAoMKX  
KWsbJK1rUChBvXQcW/0wbB4F  
=ymjN  
-----END PGP SIGNATURE-----  
  
`
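
The ANALYSIS section above describes traversal through URL-encoded separators. The following is an added example, not code from the advisory or from Dino's Webserver, contrasting a filter that inspects the path before decoding with a resolver that decodes first and then enforces containment. `DOCROOT`, the function names, the flawed filter logic and the sample request paths are all assumptions constructed for illustration.

```python
import posixpath
from urllib.parse import unquote

DOCROOT = "/srv/www"  # assumed document root, not from the advisory


def _join(decoded):
    # Map a decoded URL path onto the document root and collapse "." / "..".
    # posixpath keeps the demo deterministic on any operating system.
    return posixpath.normpath(posixpath.join(DOCROOT, decoded.lstrip("/")))


def naive_resolve(raw_path):
    """Assumed flawed logic: look for literal traversal, decode afterwards."""
    if "../" in raw_path or "..\\" in raw_path:
        return None                      # literal "../" is caught ...
    return _join(unquote(raw_path))      # ... but %2f becomes "/" only here


def safe_resolve(raw_path):
    """Decode once, canonicalise, then enforce containment in DOCROOT."""
    decoded = unquote(raw_path).replace("\\", "/")  # "\" is a separator on Windows
    if "\x00" in decoded:
        return None
    candidate = _join(decoded)
    # A real server should also resolve symlinks (os.path.realpath) before this check.
    if candidate != DOCROOT and not candidate.startswith(DOCROOT + "/"):
        return None
    return candidate


# Constructed request paths following the advisory's %2f..%2f.. pattern.
SAMPLES = [
    "/index.html",
    "/../../private/notes.txt",
    "/%2f..%2f..%2f..%2fprivate%2fnotes.txt",
    "/%5c..%5c..%5cprivate%5cnotes.txt",
    "/docs/..%2findex.html",
]

if __name__ == "__main__":
    for p in SAMPLES:
        print(f"{p!r:45} naive={naive_resolve(p)!r:22} safe={safe_resolve(p)!r}")
```

The containment check runs on the canonical path, so an encoded `..` that stays inside the document root (the last sample) is still served while anything resolving outside it is refused.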
