BremsServer124.txt

Date: 26 Jan 2004
Reported by: Donato Ferrante
Type: packetstorm
Source: packetstormsecurity.com

BremsServer 1.2.4 has directory traversal and cross site scripting vulnerabilities needing fixes.

Donato Ferrante  
  
  
Application: BremsServer   
http://www.herberlin.de/  
  
Version: 1.2.4  
  
Bugs: directory traversal and cross site scripting  
  
Author: Donato Ferrante  
e-mail: [email protected]  
web: www.autistici.org/fdonato  
  
  
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx  
  
1. Description  
2. The bugs  
3. The code  
4. The fix  
  
  
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx  
  
----------------  
1. Description:  
----------------  
  
Vendor's Description:  
  
"Herberlin BremsServer is a small HTTP server you can use to test your   
web pages on your local machine."  
  
  
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx  
  
-------------  
2. The bugs:  
-------------  
  
[1] Directory traversal bug: the program doesn't properly check the  
user-supplied path string ( /../ ), so an attacker is able to view and  
download any file on the remote system simply by using a  
browser.  
  
[2] Cross site scripting bug: the program doesn't fully check the  
strings sent by the client; the input strings are not filtered and  
appear unchanged in the returned page.  
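The two input-handling checks the advisory says are missing, as an added example (not BremsServer's code or the author's): a request-path resolver that refuses any path that climbs above the document root, including percent-encoded and backslash variants, and an HTML-escaped error page so that a reflected request string cannot inject markup. The document root /srv/www and the function names are assumptions for the example.

```python
import html
import posixpath
from typing import Optional
from urllib.parse import unquote

# Assumed document root for this example (not from the advisory).
DOCROOT = "/srv/www"


def resolve_request_path(docroot: str, request_path: str) -> Optional[str]:
    """Map an HTTP request path onto a file under docroot.

    Returns the resolved path, or None if the request would escape the
    document root. Decoding happens before the segment walk so that
    encoded traversal such as %2e%2e%2f is caught as well as a bare /../.
    """
    # The query string plays no part in file selection.
    path = request_path.split("?", 1)[0]
    # Decode twice so double-encoded dots are normalised too.
    decoded = unquote(unquote(path))
    # Backslashes are separators on Windows hosts (the advisory's test
    # target is windows/system.ini), so treat them exactly like '/'.
    decoded = decoded.replace("\\", "/")
    # A NUL byte can truncate the path in lower-level file APIs.
    if "\x00" in decoded:
        return None
    parts = []
    for segment in decoded.split("/"):
        if segment in ("", "."):
            continue
        if segment == "..":
            if not parts:
                return None  # attempt to climb above the document root
            parts.pop()
        else:
            parts.append(segment)
    return posixpath.join(docroot, *parts)


def render_not_found(requested: str) -> str:
    """Build a 404 body that reflects the request path with HTML escaping."""
    safe = html.escape(requested, quote=True)
    return ("<html><body><h1>404 Not Found</h1>"
            "<p>Requested: %s</p></body></html>" % safe)
```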
  
  
  
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx  
  
-------------  
3. The code:  
-------------  
  
To test the vulnerabilities:  
  
  
[1]  
  
http://[host]/../PATH/windows/system.ini  
  
  
[2]  
  
http://[host]/<script>alert("Test")</script>  
  
  
  
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx  
  
------------  
4. The fix:  
------------  
  
The bugs will be fixed in the next version of BremsServer, so visit  
BremsServer's official web site, http://www.herberlin.de/,  
and check for a new version.  
  
  
  
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx  
