SecurityTracker.com
Category:   Application (Web Server/CGI)  >   AN HTTP Server
Vendors:   nakata@st.rim.or.jp
AN HTTPD Discloses Script Source Code to Remote Users
SecurityTracker Alert ID:  1015858
SecurityTracker URL:  http://securitytracker.com/id/1015858
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Apr 3 2006
Impact:   Disclosure of user information
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 1.42n
Description:   A vulnerability was reported in AN HTTPD. A remote user can view the source code of scripts on the server.

The server does not properly validate user-supplied filename extensions. A remote user can submit a URL with a specially crafted filename extension containing dot and space characters to view the source code of various types of script files on the target system.
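The extension check described above, as an added example that is not code from AN HTTPD or from the original advisory. It assumes the mismatch arises because Windows file APIs ignore trailing dots and spaces in a file name; the handler table, function names and sample paths are constructed for illustration.

```python
import posixpath
from urllib.parse import unquote

# Hypothetical extension-to-handler table (an assumption, not AN HTTPD's config).
SCRIPT_HANDLERS = {".cgi": "cgi", ".pl": "cgi", ".php": "cgi"}


def win32_effective_name(name):
    """Win32 file APIs drop trailing dots and spaces from a path component,
    so 'test.cgi.' and 'test.cgi ' both open the file 'test.cgi'."""
    return name.rstrip(". ")


def naive_handler(raw_path):
    """Weak form: map the handler by comparing the raw extension string.
    A name the file system treats as 'test.cgi' can fail the comparison and
    fall through to 'static', which returns the file contents unexecuted."""
    path = unquote(raw_path)
    ext = posixpath.splitext(path)[1].lower()
    return SCRIPT_HANDLERS.get(ext, "static")


def hardened_handler(raw_path):
    """Corrected form: refuse any final component that the file system would
    resolve to a different name, then map the extension."""
    name = posixpath.basename(unquote(raw_path))
    if name != win32_effective_name(name):
        return "reject"
    ext = posixpath.splitext(name)[1].lower()
    return SCRIPT_HANDLERS.get(ext, "static")


def compare(paths):
    """Return (path, naive decision, hardened decision) for each request path."""
    return [(p, naive_handler(p), hardened_handler(p)) for p in paths]


if __name__ == "__main__":
    # Constructed request paths, not taken from the advisory.
    samples = ["/cgi-bin/test.cgi", "/cgi-bin/test.cgi.",
               "/cgi-bin/test.cgi%20", "/index.html"]
    for row in compare(samples):
        print("%-24s naive=%-7s hardened=%s" % row)
```

The same comparison can be run over access-log request paths to flag requests where the two decisions differ.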

The vendor was notified on March 22, 2006.

Tan Chew Keong of Secunia Research discovered this vulnerability.

The original advisory is available at:

http://secunia.com/secunia_research/2006-21/advisory/

Impact:   A remote user can view the source code of scripts on the target system.
Solution:   The vendor has issued a fixed version (1.42p).
Vendor URL:  www.st.rim.or.jp/~nakata/
Cause:   Access control error, Input validation error
Underlying OS:  Windows (Any)

Message History:   None.


Copyright 2020, SecurityGlobal.net LLC