Bajie Webserver File Reading Vulnerability

Bajie HTTP server is a free web server written in Java. It is vulnerable to an interesting attack: if four trailing dots are appended to a request (i.e., "/lala/...."), the contents of the root directory of the victim host's filesystem are listed. The hacker can then proceed to view any file on the system, which can lead to a compromise of local system access.
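One way a Java web server can refuse this class of request is sketched below. It is an added example, not Bajie's code or a vendor fix. The class name `DocRootGuard` is hypothetical, and the request path is assumed to have been percent-decoded by the HTTP layer already.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.InvalidPathException;
import java.nio.file.Path;

public class DocRootGuard {
    private final Path docRoot;

    public DocRootGuard(Path docRoot) throws IOException {
        this.docRoot = docRoot.toRealPath(); // canonical root, symlinks resolved
    }

    /** Returns the regular file to serve, or null when the request must be refused. */
    public Path resolve(String decodedPath) {
        if (decodedPath == null || !decodedPath.startsWith("/") || decodedPath.indexOf('\0') >= 0) {
            return null;
        }
        for (String segment : decodedPath.replace('\\', '/').split("/")) {
            // Refuse ".", "..", "...." and any name ending in a dot or space:
            // Path.normalize() only understands "." and "..", and Windows drops
            // trailing dots and spaces from file names.
            if (segment.endsWith(".") || segment.endsWith(" ")) {
                return null;
            }
        }
        try {
            Path real = docRoot.resolve(decodedPath.substring(1)).toRealPath();
            // Containment is checked on the canonical path; directories are never
            // served, so no listing can be produced from this code path.
            return real.startsWith(docRoot) && Files.isRegularFile(real) ? real : null;
        } catch (IOException | InvalidPathException e) {
            return null; // missing file or illegal name: treat as not found
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample document root and requests.
        Path root = Files.createTempDirectory("docroot");
        Files.write(root.resolve("index.html"), "ok".getBytes());
        DocRootGuard guard = new DocRootGuard(root);
        for (String p : new String[] {"/index.html", "/lala/....", "/../etc/passwd", "/"}) {
            System.out.println(p + " -> " + (guard.resolve(p) == null ? "refused" : "served"));
        }
    }
}
```

Only `/index.html` is served; the dot-only segment is rejected before any filesystem call, and the canonical-path containment check remains as a backstop for anything the segment filter misses.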


 

Copyright 2010, SecurityFocus