Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Application (Web Server/CGI)  >   4D Web Server Vendors:   4D, Inc.
4D Web Server Discloses All Files on the Drive to Remote Users
SecurityTracker Alert ID:  1002232
SecurityTracker URL:
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Aug 22 2001
Impact:   Disclosure of system information, Disclosure of user information
Exploit Included:  Yes  
Version(s): 6.57; possibly others
Description:   A directory traversal vulnerability was reported in 4D's web server, allowing remote users to view any file on the drive that the server is installed on.

A remote user can request the following type of URLs (preceeded by 'http://[targethost]') to trigger the vulnerability:


The vendor has reportedly been notified.

Impact:   A remote user can view any file on the system that is located on the same drive as the web server.
Solution:   No solution was available at the time of this entry.
Vendor URL: (Links to External Site)
Cause:   Input validation error
Underlying OS:  Apple (Legacy "classic" Mac), Windows (NT)
Underlying OS Comments:  Tested on Windows NT; not tested on MacOS

Message History:   None.

 Source Message Contents

Subject:  ACI 4D WebServer Directory traversal.

----- Forwarded by Kevin R Finisterre/OH/CheckFree on 08/20/2001 10:43 AM
                    KF <>                                                                                   
                    Sent by:                          To:,                                   
                    elguapo@clmboh1-smtp3.colum       cc:                                                                       
                                  Subject:     I have found a security hole in your product...              
                    08/18/2001 09:39 PM                                                                                         

current version: 6.7
tested version: 6.57 , others?

This directory transversal hole seems to work on
ACI 4d webserver running on the NT platform. I would imagine
exploitation on a macos box would be similar but would require
the proper mac filesystem path to the file you wish to view.

Server: ACI-4D/6.57

Http://host + one of the following urls.




Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, LLC