Vulnerability in WebXQ Server

2001-04-27T00:00:00
ID SECURITYVULNS:DOC:1558
Type securityvulns
Reporter Securityvulns
Modified 2001-04-27T00:00:00

Description

----- Begin Hush Signed Message from joetesta@hushmail.com -----

Vulnerability in WebXQ Server

Overview

WebXQ v2.1.204 is a web server available from http://www.datawizard.net. A vulnerability exists which allows a remote user to break out of the ftp root.

Details

The following URL demonstrates the problem:

http://localhost/./.../[any file outside web root]



Solution

Vendor has released v2.1.205 which fixes this problem. It is available at: http://www.datawizard.net/Free_Software/WebXQ_Free/webxq_free.htm

Vendor Status

DataWizard Technologies was contacted via <webxq@datawizard.net> on Wednesday, April 25, 2001. The problem was corrected the next day.

- Joe Testa

e-mail: joetesta@hushmail.com web page: http://hogs.rit.edu/~joet AIM: LordSpankatron

----- Begin Hush Signature v1.3 ----- HfcK0KsDvkUZwYMIi9UofHt3sjf4TsjPUmeaGtAeaea7iJPJTLV0yAeeMMSquPGVfEId 6JrmzzK+4ZLl4zEpD0L3DK28ay68HLfy7SuwbV6wKcESfdhdd3Ox8qZoXfEH/zKdylby ONnHoMHHXmLjpJKmG+LFBKKx9LfhTlgGwXdVzwDVajCnO4IQ4tx0Sv3/ddHct3kQ97V7 HMWFiX1juEsUov/aYg0+d/u4y7DQWZyx1ImFIy2qY3c6l1sMRJF5zNkWuyb3LJTyCfck 30x4uCGfmq/7/mEXKgnbIKAZfVlYN+OZMMo5EszIRrR1YiJwK0tujwG86+8HyNOqG2aE UyosFcdHEKN0XNifMT7Lh4E/plQ8UEku6Q7nQ4BRPZmzQJfrkW1Gned9ZH+uKsmBJSyg yd/jPyhfJCQfL9dQvpwpv5W+AB1rQQFuQbDvq9IAwAFmEAZ110Yg0GF5IA1q18JfLjna RYwGMiEvC7E7kUA4NDKVyitcmPYHwqZlSSnqj1Je87aA ----- End Hush Signature v1.3 -----

This message has been signed with a Hush Digital Signature. To verify the signature, please go to www.hush.com/tools

Free, encrypted, secure Web-based email at www.hushmail.com