BugTraq
Back to list
|
Post reply
CIS WebServer Directory Traversal Bug
Feb 25 2005 05:31PM
CorryL (corryl sitoverde com)
-=[ x0n3-h4ck Italian Security Team ]=-
/*Advisories*
/*
Application: CIS WebServer
Vendor's Url: www.cisindia.net
Version: 3.5.13
Platforms: Windows
Bug: Directory Traversal
Exploitation: Remote
Author: CorryL
corryl80 (at) gmail (dot) com [email concealed]
www.x0n3-h4ck.org
*
{Description}
CIS WebServer is an easy http server, A remote user can obtain files on the
system that are located outside of
the web document directory.
{Bug}
http://victimhost/../../../windows/repair/sam
A remote user succeds to read the file sam of the system where CIS WebServer
is running
{Vendor Status}
20/02/2005 Vendor notification
21/02/2005 Vendor Response
25/02/2005 No patch relase from vendor
25/02/2005 Public disclousure
{Fix}
Waiting for an official patch
_________________________________
www.seekstat.it is your web stat
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
/*Advisories*
/*
Application: CIS WebServer
Vendor's Url: www.cisindia.net
Version: 3.5.13
Platforms: Windows
Bug: Directory Traversal
Exploitation: Remote
Author: CorryL
corryl80 (at) gmail (dot) com [email concealed]
www.x0n3-h4ck.org
*
{Description}
CIS WebServer is an easy http server, A remote user can obtain files on the
system that are located outside of
the web document directory.
{Bug}
http://victimhost/../../../windows/repair/sam
A remote user succeds to read the file sam of the system where CIS WebServer
is running
{Vendor Status}
20/02/2005 Vendor notification
21/02/2005 Vendor Response
25/02/2005 No patch relase from vendor
25/02/2005 Public disclousure
{Fix}
Waiting for an official patch
_________________________________
www.seekstat.it is your web stat
[ reply ]