BRS WebWeaver Directory Traversal Vulnerability

BRS WebWeaver is an FTPD and webserver by Blaine Southam.

WebWeaver is vulnerable to directory traversal techniques, by which a remote user may request and obtain files from outside the web root.

By submitting to the webserver a properly formatted URL that includes '..' sequences (specifying a relative path), an attacker can traverse the webserver's directory structure and request files from outside the web root.

Properly exploited, this could permit an attacker to obtain private user data or sensitive system-related information that could be used to further undermine system security.
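The web-root containment check that a file-serving handler needs against the '..' requests described above, shown beside the unchecked join. This is an added illustration in Python, not WebWeaver's code; the function names, the sample requests and the temporary directory tree are constructed for the example.

```python
import os
import tempfile
from urllib.parse import unquote

def naive_resolve(web_root, url_path):
    """Vulnerable pattern: join the request path to the root with no check."""
    return os.path.normpath(os.path.join(web_root, url_path.lstrip("/")))

def safe_resolve(web_root, url_path):
    """Return the canonical file path if it stays under web_root, else None."""
    root = os.path.realpath(web_root)
    # Decode percent-escapes first so "%2e%2e" is compared as "..",
    # and treat "\" as a separator the way a Windows server would.
    decoded = unquote(url_path).replace("\\", "/")
    if "\x00" in decoded:
        return None
    candidate = os.path.realpath(os.path.join(root, decoded.lstrip("/")))
    # Containment is tested on the canonical path, never on the raw string.
    try:
        inside = os.path.commonpath([root, candidate]) == root
    except ValueError:  # e.g. paths on different drives on Windows
        inside = False
    return candidate if inside else None

def demo():
    """Run both resolvers over constructed requests in a throwaway tree."""
    base = os.path.realpath(tempfile.mkdtemp())
    root = os.path.join(base, "webroot")
    os.mkdir(root)
    for path in (os.path.join(root, "index.html"),
                 os.path.join(base, "secret.txt")):
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
    requests = ["/index.html", "/../secret.txt", "/%2e%2e/secret.txt",
                "/..\\secret.txt", "/sub/../../secret.txt"]
    return base, {r: (naive_resolve(root, r), safe_resolve(root, r))
                  for r in requests}

if __name__ == "__main__":
    base, results = demo()
    for req, (naive, safe) in results.items():
        print(f"{req!r:28} naive={os.path.relpath(naive, base):24} safe={safe}")
```

The check is applied to the canonical path after decoding, so encoded and backslash variants of '..' are rejected along with the plain form.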


 

Copyright 2010, SecurityFocus