SecurityTracker.com
Category:   Application (File Transfer/Sharing)  >   SlimServe HTTPd
Vendors:   WhitSoft Development
WhitSoft's SlimServe HTTPd Web Server Gives Users Remote Access to Files Outside of the Server's Main Directory
SecurityTracker Alert ID:  1000992
SecurityTracker URL:  http://securitytracker.com/id/1000992
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Mar 6 2001
Impact:   Disclosure of system information, Disclosure of user information
Exploit Included:  Yes  
Version(s): ver. 1.1a
Description:   The SlimServe HTTPd web server allows authorized users to access files that reside outside of the server's web root directory.

According to the report, disabling folder listings (a feature that is enabled by default) prevents users from viewing directories outside of the web server's web root directory. However, it does not prevent file downloads where the file paths and names are known or can be guessed.

The vendor has reportedly been contacted.

Impact:   Authorized users can remotely access files that reside outside of the web server's root directory.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.whitsoftdev.com/
Cause:   Access control error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  SlimServe HTTPd ver. 1.1a Directory Traversal


It is possible to view dir. and (download) files outside of the wwwroot directory.

Exploit:
http://127.0.0.1/.../
http://127.0.0.1/.../.../directory/file.xxx

Solution:

Disable folder listings (it is enabled by default), which will secure you from viewing dir. outside of the wwwroot dir. But it is still possible to download or view files when the location is known.

The author has been contacted on 03.March.2001.
No reply was received yet.


se00020@fhs-hagenberg.ac.at
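
Because disabling folder listings leaves file downloads exposed, the check has to be applied to every request path before it reaches the file system. The following is an added example, not SlimServe code or part of the original report: a request-path resolver that rejects every dot-only segment (including the `...` form used in the report) and confirms the result stays under the web root. The install path, function names and sample requests are assumptions constructed for illustration.

```python
import ntpath
from urllib.parse import unquote

WEB_ROOT = r"C:\SlimServe\wwwroot"  # constructed install path (assumption)


class UnsafePath(ValueError):
    """Request path that must not be mapped onto the file system."""


def resolve_request_path(url_path, web_root=WEB_ROOT):
    """Return the file path under web_root for url_path, or raise UnsafePath."""
    decoded = unquote(url_path)  # validate what the file system will see
    if "\x00" in decoded:
        raise UnsafePath("NUL byte in path")
    # Treat both separators alike so '..\\' cannot hide inside one segment.
    segments = [s for s in decoded.replace("\\", "/").split("/") if s]
    for seg in segments:
        if seg.strip(". ") == "":
            # '.', '..', '...', '. .': every dot-only name, not just '..'
            raise UnsafePath(f"dot-only segment {seg!r}")
        if ":" in seg:
            raise UnsafePath(f"drive or stream specifier in {seg!r}")
    root = ntpath.normcase(ntpath.normpath(web_root))
    candidate = ntpath.normcase(ntpath.normpath(ntpath.join(root, *segments)))
    # Defence in depth: the normalised result must still sit under the root.
    if ntpath.commonpath([root, candidate]) != root:
        raise UnsafePath("resolved path leaves the web root")
    return candidate


def audit(paths):
    """Map each request path to 'allow' or 'deny: <reason>'."""
    results = {}
    for p in paths:
        try:
            resolve_request_path(p)
            results[p] = "allow"
        except UnsafePath as exc:
            results[p] = f"deny: {exc}"
    return results


# Constructed request paths; the two '...' forms are the ones in the report.
SAMPLES = ["/index.html", "/.../", "/.../.../directory/file.xxx",
           "/%2e%2e%2e/directory/file.xxx", "/docs/..\\..\\file.xxx"]

if __name__ == "__main__":
    for path, verdict in audit(SAMPLES).items():
        print(f"{verdict:40} {path}")
```

The resolver uses `ntpath` so Windows path semantics apply regardless of the platform it is run on.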

 
 


Copyright 2021, SecurityGlobal.net LLC