


Category:   Application (Web Server/CGI)  >   Xitami Web Server
Vendors:   iMatix
Xitami Web Server Flaw in Processing Errors May Allow Remote Users to View CGI Source Code
SecurityTracker Alert ID:  1004336
SecurityTracker URL:
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  May 21 2002
Impact:   Disclosure of user information

Version(s): 2.4d9 and prior versions
Description:   An information disclosure vulnerability was reported in the Xitami Web Server. A remote user may be able to view CGI source code contents on the system.

SecuriTeam reported that there is an error in Xitami's processing of script errors (including missing interpreters). A remote user could supply a specially crafted URL that triggers a script processing error, causing the web server to display the CGI script contents.

No further details were provided.

The vendor has reportedly been notified.

SecuriTeam credits Matthew Murphy with reporting this bug.

Impact:   A remote user may be able to view CGI source code on the web server.
Solution:   No solution was available at the time of this entry.
Vendor URL:
Cause:   Exception handling error
Underlying OS:  Linux (Any), OpenVMS, UNIX (Any), Windows (Me), Windows (NT), Windows (95), Windows (98)

Message History:   None.

 Source Message Contents

Subject:  [NEWS] Xitami CGI Processing Failure Vulnerability

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site:

  Xitami CGI Processing Failure Vulnerability


Xitami is a high-quality portable
free web server. An error in the way Xitami handles script processing
errors (including missing interpreters) could allow an attacker to steal
CGI script contents.


Vulnerable systems:
 * iMatix Co. Xitami Web Server version 2.4d9 and earlier.

Vendor Status:
iMatix support was notified 1 month ago, no response has been received.

If your CGI runs as expected, this vulnerability cannot be exploited (i.e. 
if no error occurs the CGI's source code is not served).


The information has been provided by Matthew Murphy.


The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
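
An added example, not part of the SecuriTeam advisory or of Xitami itself: because the advisory ties the disclosure to script processing errors such as missing interpreters, this audit lists the CGI scripts in a directory whose interpreter cannot be run. It assumes scripts name their interpreter on a `#!` first line; the function names and the sample directory are constructed for illustration.

```python
import os
import shutil
import sys
import tempfile
from pathlib import Path

def resolve_interpreter(script):
    """Return (name, resolved path or None) from the '#!' line, or None if absent."""
    with open(script, "rb") as fh:
        first = fh.readline(256)
    if not first.startswith(b"#!"):
        return None                      # compiled CGI or no interpreter line
    parts = first[2:].decode("latin-1").split()
    if not parts:
        return ("", None)                # '#!' with nothing after it
    name = parts[0]
    if os.path.basename(name) == "env":  # '#!/usr/bin/env perl': look up via PATH
        args = [a for a in parts[1:] if not a.startswith("-") and "=" not in a]
        name = args[0] if args else name
        return (name, shutil.which(name))
    runnable = os.path.isfile(name) and os.access(name, os.X_OK)
    return (name, name if runnable else None)

def audit_cgi_dir(cgi_dir):
    """Return [(script name, interpreter)] for scripts whose interpreter is missing."""
    findings = []
    for script in sorted(Path(cgi_dir).iterdir()):
        if script.is_file():
            result = resolve_interpreter(script)
            if result is not None and result[1] is None:
                findings.append((script.name, result[0]))
    return findings

def build_sample_dir():
    """Constructed sample cgi-bin: one healthy script, two with missing interpreters."""
    root = Path(tempfile.mkdtemp(prefix="cgi-audit-"))
    (root / "ok.cgi").write_text(f"#!{sys.executable}\nprint('ok')\n")
    (root / "report.pl").write_text("#!/opt/constructed/no-such-perl\nprint 1;\n")
    (root / "form.cgi").write_text("#!/usr/bin/env constructed-missing-interp\n")
    (root / "native.bin").write_bytes(b"\x7fELF\x02\x01\x01")
    return root

if __name__ == "__main__":
    for name, interp in audit_cgi_dir(build_sample_dir()):
        print(f"{name}: interpreter not runnable: {interp}")
```

Scripts reported by the audit are the ones that would hit the error path on every request, so they are the first candidates to repair or remove from the CGI directory.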

