SecurityTracker.com
Category:   Application (Multimedia)  >   FsPHPGallery
Vendors:   gallery.devrandom.org.uk
FsPHPGallery Input Validation Error May Let Remote Users Obtain Directory Listings
SecurityTracker Alert ID:  1012063
SecurityTracker URL:  http://securitytracker.com/id/1012063
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Nov 3 2004
Impact:   Disclosure of system information, Disclosure of user information
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): prior to 1.2
Description:   An input validation vulnerability was reported in FsPHPGallery. A remote user may be able to view directories on the target system.

The vendor reported a security issue in the path sanitization code. From code review, it appears that the software may not properly detect directory traversal attempts in which '..' sequences are supplied in the HTTP GET request.
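
The kind of containment check this description calls for, as an added example that is not FsPHPGallery's code or the vendor's fix: the requested directory is canonicalized first and only then compared against the gallery root. The function name, the directory layout and the sample inputs are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// Resolve a user-supplied sub-directory against the gallery root (hypothetical helper).
// Returns the canonical path, or null if it is missing or outside the root.
function resolve_gallery_dir(string $root, string $requested): ?string
{
    $rootReal = realpath($root);
    if ($rootReal === false || strpos($requested, "\0") !== false) {
        return null;
    }
    // realpath() collapses '.', '..' and symlinks, so the comparison
    // below is made on the path the filesystem will actually open.
    $target = realpath($rootReal . DIRECTORY_SEPARATOR . $requested);
    if ($target === false || !is_dir($target)) {
        return null;
    }
    // Compare with a trailing separator so that a sibling such as
    // "<root>-private" does not pass a bare prefix test.
    $prefix = rtrim($rootReal, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if ($target !== $rootReal && strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $target;
}

// Constructed sample layout in a temp directory (not from the advisory).
$tmp = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'gallery_demo_' . getmypid();
mkdir("$tmp/images/holiday", 0700, true);
mkdir("$tmp/images-private", 0700, true);

$cases = [
    'holiday'           => true,   // normal album
    ''                  => true,   // the root itself
    'holiday/..'        => true,   // '..' that stays inside the root
    '..'                => false,  // parent of the root
    'holiday/../..'     => false,  // climbs out via a valid album
    '../images-private' => false,  // sibling sharing the root's prefix
    'missing'           => false,  // non-existent directory
];
foreach ($cases as $input => $expectAllowed) {
    $allowed = resolve_gallery_dir("$tmp/images", (string)$input) !== null;
    printf("%-22s %s\n", var_export((string)$input, true), $allowed ? 'allowed' : 'rejected');
    assert($allowed === $expectAllowed);
}
rmdir("$tmp/images/holiday");
rmdir("$tmp/images");
rmdir("$tmp/images-private");
rmdir($tmp);
```

The decision is made on the canonical path rather than on the raw request string, so it does not depend on recognizing every spelling of '..' in the input.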

Impact:   A remote user may be able to view directory listings for arbitrary directories located outside of the image directory.
Solution:   The vendor has issued a fixed version (1.2), available at:

http://gallery.devrandom.org.uk/releases/fsphpgallery-1.2.tar.gz

Vendor URL:  gallery.devrandom.org.uk/
Cause:   Input validation error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.

