IBM alphaWorks TFTP Server for Java Discloses Files to Remote Users
SecurityTracker Alert ID: 1002061
SecurityTracker URL: http://securitytracker.com/id/1002061
CVE Reference: GENERIC-MAP-NOMATCH
Date: Jul 20 2001
Impact: Disclosure of system information, Disclosure of user information
Exploit Included: Yes
Description:
A vulnerability was reported in the IBM alphaWorks TFTP Server for Java that allows remote users to view any world-readable files on the server.
The server is reportedly vulnerable to a standard directory traversal attack. A remote user can use '../' characters to traverse the directory and obtain any files that are world readable.
The vendor has reportedly been notified.
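A containment check that stops this class of traversal in a TFTP request handler, as an added example (not IBM's code and not part of the original advisory). The class name, method names and sample filenames are assumptions constructed for illustration.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;

public class TftpPathCheck {
    // RFC 1350 request layout: 2-byte opcode (1=RRQ, 2=WRQ), filename, NUL, mode, NUL.
    static String requestedName(byte[] pkt, int len) {
        if (len < 4 || pkt[0] != 0 || (pkt[1] != 1 && pkt[1] != 2))
            throw new IllegalArgumentException("not a read/write request");
        int end = 2;
        while (end < len && pkt[end] != 0) end++;
        if (end == len) throw new IllegalArgumentException("unterminated filename");
        return new String(pkt, 2, end - 2, StandardCharsets.US_ASCII);
    }

    // Resolves name under root; throws SecurityException if the result leaves root.
    static Path resolveInsideRoot(Path root, String name) throws IOException {
        Path realRoot = root.toRealPath();
        // Treat both separators alike so "..\..\" is caught on every platform.
        String unified = name.replace('\\', '/');
        // Leading slashes are stripped so an absolute name is served relative to root.
        while (unified.startsWith("/")) unified = unified.substring(1);
        Path candidate = realRoot.resolve(unified).normalize();
        if (!candidate.startsWith(realRoot))
            throw new SecurityException("path escapes TFTP root: " + name);
        // For files that exist, follow symlinks and check containment again.
        if (Files.exists(candidate) && !candidate.toRealPath().startsWith(realRoot))
            throw new SecurityException("symlink escapes TFTP root: " + name);
        return candidate;
    }

    public static void main(String[] args) throws IOException {
        Path root = Files.createTempDirectory("tftproot"); // constructed sample root
        Files.write(root.resolve("boot.cfg"), new byte[] { 'o', 'k' });
        String[] names = { "boot.cfg", "../../etc/passwd", "..\\..\\winnt\\win.ini", "sub/../boot.cfg" };
        for (String n : names) { // constructed request filenames
            byte[] pkt = ("\0\1" + n + "\0octet\0").getBytes(StandardCharsets.US_ASCII);
            try {
                Path p = resolveInsideRoot(root, requestedName(pkt, pkt.length));
                System.out.println("ALLOW  " + n + " -> " + p);
            } catch (SecurityException e) {
                System.out.println("REJECT " + n + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

The check compares whole path components after normalization rather than searching the string for `../`, so a name such as `sub/../boot.cfg` that stays inside the root is still served.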
Impact:
A remote user can view any world-readable files on the server.
Solution:
No solution was available at the time of this entry.
Vendor URL: alphaworks.ibm.com/tech/TFTP
Cause:
Input validation error
Underlying OS:
Java, UNIX (AIX), Windows (Me), Windows (NT), Windows (95), Windows (98), Windows (2000)
Message History:
None.
Source Message Contents
Date: Fri, 20 Jul 2001 13:31:11 +0200
Subject: IBM TFTP Server for Java vulnerability
Vulnerability:
The IBM alphaWorks TFTP Server for Java available at http://alphaworks.ibm.com/tech/TFTP is vulnerable to a standard directory traversal attack (i.e. ../../).
Vendor Response:
The vendor was contacted on 19 June 2001 and responded on 20 June 2001 as follows:
"We will take a look at the issue and fix it as soon as possible".
Further correspondence requesting when a fix will be released has been ignored.
Solution:
None.