SecurityTracker.com
Category:   Application (Web Server/CGI)  >   Xitami Web Server
Vendors:   iMatix
Xitami Web Server Flaw in Processing Errors May Allow Remote Users to View CGI Source Code
SecurityTracker Alert ID:  1004336
SecurityTracker URL:  http://securitytracker.com/id/1004336
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  May 21 2002
Impact:   Disclosure of user information

Version(s): 2.4d9 and prior versions
Description:   An information disclosure vulnerability was reported in the Xitami Web Server. A remote user may be able to view CGI source code contents on the system.

SecuriTeam reported an error in the way Xitami processes script errors (including missing interpreters). A remote user could supply a specially crafted URL that triggers such an error, causing the web server to display the contents of the CGI script.

No further details were provided.

The vendor has reportedly been notified.

SecuriTeam credits Matthew Murphy with reporting this bug.

Impact:   A remote user may be able to view CGI source code on the web server.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.xitami.com/
Cause:   Exception handling error
Underlying OS:   Linux (Any), OpenVMS, UNIX (Any), Windows (Me), Windows (NT), Windows (95), Windows (98)

Message History:   None.
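
The description above names script errors, including missing interpreters, as the condition under which script source is served. As an added example (not from SecurityTracker, SecuriTeam or iMatix), this Python audit walks a CGI directory and reports scripts whose interpreter cannot be found; it assumes scripts name their interpreter on a `#!` first line, and the function names and sample files are constructed for illustration.

```python
import os
import shutil
import sys
import tempfile


def read_interpreter(path):
    """Return the program named on the script's #! line, or None if absent."""
    with open(path, "rb") as fh:
        first = fh.readline(512)
    if not first.startswith(b"#!"):
        return None
    parts = first[2:].decode("utf-8", "replace").split()
    if parts and os.path.basename(parts[0]) == "env":
        # "#!/usr/bin/env perl": the real interpreter is env's first operand.
        parts = [p for p in parts[1:] if not p.startswith("-")]
    return parts[0] if parts else None


def audit_cgi_dir(cgi_dir):
    """Return (path, problem) pairs for scripts that would fail to launch."""
    findings = []
    for root, _dirs, files in os.walk(cgi_dir):
        for name in sorted(files):
            path = os.path.join(root, name)
            interp = read_interpreter(path)
            if interp is None:
                # Native binary or a script with no #! line: review by hand.
                findings.append((path, "no #! line"))
            elif shutil.which(interp) is None:
                # Missing or non-executable interpreter: the error case the
                # advisory names as leading to source disclosure.
                findings.append((path, "missing interpreter: " + interp))
    return findings


if __name__ == "__main__":
    # Constructed sample tree so the example runs offline.
    with tempfile.TemporaryDirectory() as demo:
        samples = {
            "ok.cgi": "#!" + sys.executable + "\nprint('ok')\n",
            "broken.pl": "#!/opt/constructed/no-such-perl\nprint 'x';\n",
            "plain.cgi": "echo no shebang\n",
        }
        for name, body in samples.items():
            with open(os.path.join(demo, name), "w") as fh:
                fh.write(body)
        for path, problem in audit_cgi_dir(demo):
            print(os.path.basename(path), "->", problem)
```

Scripts reported here are the ones to fix or remove first, since the workaround in the source message depends on every CGI running without error.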


 Source Message Contents

Date:  Mon, 20 May 2002 00:44:17 -0500
Subject:  [NEWS] Xitami CGI Processing Failure Vulnerability


The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
  Xitami CGI Processing Failure Vulnerability
------------------------------------------------------------------------


SUMMARY

 <http://www.imatix.com/html/xitami/> Xitami is a high-quality portable 
free web server. An error in the way Xitami handles script processing 
errors (including missing interpreters) could allow an attacker to steal 
CGI script contents.

DETAILS

Vulnerable systems:
 * iMatix Co. Xitami Web Server version 2.4d9 and earlier.

Vendor Status:
iMatix support was notified 1 month ago; no response has been received.

Workaround:
If your CGI runs as expected, this vulnerability cannot be exploited (i.e. 
if no error occurs the CGI's source code is not served).


ADDITIONAL INFORMATION

The information has been provided by  <mailto:mattmurphy@kc.rr.com> 
Matthew Murphy.




Copyright 2014, SecurityGlobal.net LLC