SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Web Server/CGI)  >   SiteWare Vendors:   ScreamingMedia Inc.
(A Similar Vulnerability Discloses SiteWare Authentication Data) Re: ScreamingMedia's SiteWare Web Publishing System Lets Remote Users View Any Files on the Server
SecurityTracker Alert ID:  1001749
SecurityTracker URL:  http://securitytracker.com/id/1001749
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Jun 14 2001
Impact:   Disclosure of system information, Disclosure of user information, error
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): 2.5, 2.501, 3.0, 3.01, 3.02, and 3.1; versions prior to 2.5 are no longer supported but may be vulnerable
Description:   Foundstone warned of another similar vulnerability in ScreamingMedia's SiteWare that allows remote users to view the source code of any file witin the server's web root directory structure.

It is reported that this vulnerability exists in the Editor's Desktop component of SiteWare. It is also reported that the product stores site user names and passwords in clear text files that can be obtained by exploiting this vulnerability.

For example, the source code of a template can be viewed by a remote user sending the following URL:

http://[targethost]:30001/../../template/shared/indexTemplate.xml

It is reported that this vulnerability lets a remote user view any file within the SITEWare/threads/Editor directory.

Impact:   A remote user can view the source code of world readable files located anywhere within the web root document directory structure.
Solution:   The vendor plans to issue fixed versions. See the Vendor URL for the vendor's advisory.
Vendor URL:  www.screamingmedia.com/security/sms1001.php (Links to External Site)
Cause:   Access control error, Input validation error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry is a follow-up to the message listed below.
Jun 14 2001 ScreamingMedia's SiteWare Web Publishing System Lets Remote Users View Any Files on the Server



 Source Message Contents

Subject:  ScreamingMedia SITEWare source code disclosure vulnerability


FS Advisory ID:         FS-061201-18-SMSW

Release Date:           June 11, 2001

Product:                ScreamingMedia SITEWare

Vendor:                 ScreamingMedia Inc.
                        (http://www.screamingmedia.com)

Vendor Advisory:        http://www.screamingmedia.com/security/sms1001.php

Type:                   Source code disclosure vulnerability

Severity:               High

Author:                 Mike Shema (mike.shema@foundstone.com)
                        Foundstone, Inc. (http://www.foundstone.com)

Operating Systems:      All operating systems

Vulnerable versions:    SITEWare 2.5
                        SITEWare 3.0

Foundstone Advisory:
http://www.foundstone.com/cgi-bin/display.cgi?Content_ID=325
---------------------------------------------------------------------

Description

        A source code disclosure vulnerability exists with
        ScreamingMedia's SITEWare Editor's Desktop.  This
        vulnerability allows for the arbitrary viewing of world-
        readable files within the web document root. It should also be
        noted that ScreamingMedia stores site user names and passwords
        in clear text files.

Details

        The SITEWare Editor's Desktop is a web-based administration
        front-end for ScreamingMedia content.  The listening server
        can be assigned an arbitrary port on which to listen.  For
        example, template source can be viewed by the URL:

        http://server:30001/../../template/shared/indexTemplate.xml

        Any file within the SITEWare/threads/Editor directory can be
        viewed, but not system files outside of this root.
        
Proof of concept
        
        From a browser, make the following URL request:

        http://server:30001/../../template/shared/indexTemplate.xml

Solution

        Refer to the advisory published by ScreamingMedia at:

        http://www.screamingmedia.com/security/sms1001.php

        Customers should obtain upgraded software by contacting their
        customer support representative to obtain patches.

Credits

	We would also like to thank ScreamingMedia. for their prompt
        reaction to this problem and their co-operation in heightening
        security awareness in the security community.

Disclaimer

        The information contained in this advisory is the copyright
        (C) 2001 of Foundstone, Inc. and believed to be accurate at
        the time of printing, but no representation or warranty is
        given, express or implied, as to its accuracy or
        completeness. Neither the author nor the publisher accepts
        any liability whatsoever for any direct, indirect or
        conquential loss or damage arising in any way from any use
        of, or reliance placed on, this information for any purpose.
        This advisory may be redistributed provided that no fee is
        assigned and that the advisory is not modified in any way.

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC