SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Web Server/CGI)  >   Abyss Web Server Vendors:   Aprelium Technologies
Abyss Web Server Discloses Web Server Password File to Remote Users
SecurityTracker Alert ID:  1004009
SecurityTracker URL:  http://securitytracker.com/id/1004009
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Apr 10 2002
Impact:   Disclosure of authentication information, Disclosure of system information
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): 1.0
Description:   A vulnerability was reported in Aprelium's Abyss Web Server. A remote user can obtain web server passwords.

A remote user may also be able to view files located on the server (however, that has not been confirmed).

A remote user can supply an HTTP GET request containing UNICODE characters to obtain the web server configuration file, which apparently contains web server passwords. A demonstration exploit example is provided:

http://127.0.0.1/cgi-bin/%2e%2e/abyss.conf

Impact:   A remote user can view the web server configuration file which contains web server passwords.
Solution:   The vendor has released a fixed version that is available from the vendor's web site:

http://www.aprelium.com/abyssws/download.php

Vendor URL:  www.aprelium.com/abyssws/index.html (Links to External Site)
Cause:   Access control error, Input validation error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  Abyss Webserver 1.0 Administration password file retrieval exploit




Abyss Web Server was just released April 3rd . The Web Server is vulnerable 
to retrieving the password file on the host's computer. An attacker can send 
a request to get the password file just by breaking WWWROOT using Unicode.

heres a report i wrote
NETCRA$H SECURITY REPORT

Abyss Web Server 1.0 Download password file to gain admin access

Author: Sitedude

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Date: April 7, 2002

Class: Bad Programming Vulnerable to Unicode fault

Remote/Local: Local & Remote

Vulnerable: Abyss Webserver 1.0 .

Unaffected: N/A

Vulnerable Systems: Windows 95

Windows 98 (All Builds)

Windows NT (All Builds)

Windows 2000 (All Builds)

Windows XP (All Builds)



Abstract:

Abyss Web Server was just released April 3rd . The

Web Server is vulnerable to retrieving the password file on the host's 
computer. An attacker can send

a request to get the password file just by breaking WWWROOT using Unicode.



Exploit:

http://127.0.0.1/cgi-bin/%2e%2e/abyss.conf



Workaround:
Download the patch below



Vendor Status:
The vendor has been contacted and provided a fix.



Product Fix:
We emailed the company and they have provided a fix

Abyss Webserver Unicode fix
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




We at NetCrash Studios e-mailed the company and they did manage to fix the 
problem and provide us with the patch

were hosting the patch on our site
http://www26.brinkster.com/netcrash/abyssws.zip



This is the reply from Aprelium Technologies

-----------------------------------------------------------------------
First of all, thank you for your interest in Abyss Web Server and thank 
youfor the bug report you sent.
The bug was confirmed and it has been fixed.
You'll find a patched abyssws executable attached to this mail. Please
uncompress it and replace the original one with it.

If you have other questions or remarks, please do not heistate to contact
us.

Best regrads,

Moez Mahfoudh
CTO & Co-founder
Aprelium Technologies
http://www.aprelium.com
------------------------------------------------------------------------

Thanks for taking your time to read this.
Jeremy
NetCrash Studios http://www26.brinkster.com/netcrash



_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp.


 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC