SecurityTracker.com
Category:   Application (Web Server/CGI)  >   Jeuce Personal Web Server
Vendors:   Jeuce.com
Jeuce Personal Web Server Discloses Files to and Can Be Crashed by Remote Users
SecurityTracker Alert ID:  1012791
SecurityTracker URL:  http://securitytracker.com/id/1012791
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Jan 6 2005
Impact:   Denial of service via network, Disclosure of system information, Disclosure of user information
Exploit Included:  Yes  
Version(s): 2.13
Description:   Global Security Solution IT reported a vulnerability in Jeuce Personal Web Server. A remote user can view arbitrary files on the target system or crash the web server.

A remote user can supply a specially crafted URL containing '../' directory traversal characters to view arbitrary files on the target system with the privileges of the web service.

A demonstration exploit URL is provided:

http://[target]/../winnt/repair/sam

A remote user can also cause the target web service to crash with the following URL:

http://[target]/://

The vendor was notified on December 15, 2004 without response.
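
A defensive check for the two request shapes above, as an added example (not code from the advisory or from Jeuce): a resolver that confines request paths to the document root and turns malformed paths into an ordinary refusal. The function names, the DOC_ROOT value and the sample requests are assumptions constructed for illustration.

```python
import ntpath
from urllib.parse import unquote

DOC_ROOT = r"C:\webroot"  # assumed document root, for illustration only


def resolve_request_path(url_path, doc_root=DOC_ROOT):
    """Return the file path under doc_root for a request path, or None to refuse."""
    # Decode percent-escapes once so '%2e%2e' is judged as '..'.
    decoded = unquote(url_path)
    # Control characters and ':' (drive letters, alternate data streams)
    # never belong in a path relative to the document root.
    if ":" in decoded or any(ord(ch) < 0x20 for ch in decoded):
        return None
    # Windows accepts both separators; split on either and drop empty parts.
    segments = [s for s in decoded.replace("\\", "/").split("/") if s]
    # Win32 strips trailing dots and spaces from names, so refuse any segment
    # ending in one. This covers '.', '..' and variants such as '.. '.
    if any(s.endswith((".", " ")) for s in segments):
        return None
    root = ntpath.normpath(doc_root)
    candidate = ntpath.normpath(ntpath.join(root, *segments))
    # Defence in depth: the normalised result must still sit under the root.
    try:
        if ntpath.commonpath([root, candidate]) != root:
            return None
    except ValueError:  # different drives, or absolute mixed with relative
        return None
    return candidate


def status_for(url_path):
    """Map a request to an HTTP status instead of letting bad input raise."""
    return 200 if resolve_request_path(url_path) is not None else 400


# Constructed sample requests: one ordinary, the rest shaped like the
# advisory's two URLs and common encodings of the first.
SAMPLES = ["/index.html", "/../winnt/repair/sam", "/%2e%2e/winnt/repair/sam",
           "/..\\winnt\\repair\\sam", "/://"]

if __name__ == "__main__":
    for path in SAMPLES:
        print(f"{status_for(path)}  {path!r}")
```

The resolver only decides whether a path is acceptable; whether the file exists and may be served is a separate check made after it returns.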

Impact:   A remote user can view arbitrary files on the target system with the privileges of the target web service.

A remote user can cause the target web service to crash.

Solution:   No solution was available at the time of this entry.
Vendor URL:  www.jeuce.com/
Cause:   Access control error, Exception handling error, Input validation error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  Jeuce Personal Web Server


06/01/05

====================================
 GSSIT - Global Security Solution IT
====================================		

-------------------------------------------------------

Application: Jeuce Personal Web Server 
Web Site:    www.jeuce.com
Versions:    2.13
Platform:    Windows 
Bugs :       
              1) Directory Traversal
              2) D.O.S
             
                           
Credits:
########

#########################################
#         ==  Ziv Kamir ==              #
#                                       #
# GSSIT - Global Security Solution IT   #                   
#                                       #            
#     Web   : www.gssit.co.il           #
#                                       #
#     Email : gss_it@yahoo.com          #
#                                       #
#########################################

---------------------

1) Introduction
2) Bug
3) The Code
4) Fix


================
1) Introduction
================

The Jeuce Personal Web Server has helped thousands of people just like you to expand the use of their computer in just minutes after downloading.
We've created the most user-friendly web server on the market so ANYONE can take advantage of the great uses of the webserver.

=======
2) Bugs
=======

1) Directory Traversal
    

2) D.O.S


===========
3) The Code
===========


1) http://[Target]/../winnt/repair/sam

  

2) http://[Target]/://



======
4) Fix
======

Date of Vendor Notification:
----------------------------

15/12/04

Status:  
-------

No Response.


==============================================================================================

                 *** The Data is for educational purpose only. *** 

          The information in this bulletin is provided "AS IS" without 
          warranty of any kind. In no event shall we be liable for any 
          damages whatsoever including direct, indirect, incidental, 
          consequential, loss of business profits or special damages. 

==============================================================================================

Copyright 2019, SecurityGlobal.net LLC