Ashley Brown iWeb Server Directory Traversal Vulnerability

iWeb Server does not correctly validate client-requested paths that contain "../" character sequences. An attacker can obtain files and directories outside of the webroot by requesting their path relative to the current directory. A remote attacker may exploit this to disclose sensitive information.

The author has issued a new version that is not vulnerable to this attack.
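
The path check whose absence is described above, shown as an added example in Python; it is not iWeb Server's code or the author's fix. The function names and the temporary directory layout are constructed for illustration. `resolve_naive` shows the vulnerable pattern and `resolve_safe` canonicalises the path and confirms it is still under the webroot before serving.

```python
import os
import tempfile


def resolve_naive(webroot, request_path):
    # Vulnerable pattern: join and normalise, but never check where the result lands.
    return os.path.normpath(os.path.join(webroot, request_path.lstrip("/")))


def resolve_safe(webroot, request_path):
    """Return the canonical file path, or None if it falls outside webroot."""
    root = os.path.realpath(webroot)
    # realpath collapses "../" and follows symlinks before the comparison.
    candidate = os.path.realpath(os.path.join(root, request_path.lstrip("/")))
    try:
        # commonpath compares whole components, so a sibling such as
        # "webroot-old" is not mistaken for something inside "webroot".
        inside = os.path.commonpath([root, candidate]) == root
    except ValueError:  # e.g. paths on different drives on Windows
        inside = False
    return candidate if inside else None


def build_sample_tree():
    # Constructed layout: webroot/index.html, plus two files outside the webroot.
    base = os.path.realpath(tempfile.mkdtemp())
    webroot = os.path.join(base, "webroot")
    os.makedirs(os.path.join(base, "webroot-old"))
    os.makedirs(os.path.join(webroot, "docs"))
    for rel in ("webroot/index.html", "webroot-old/backup.txt", "secret.txt"):
        with open(os.path.join(base, rel), "w") as fh:
            fh.write(rel)
    return base, webroot


if __name__ == "__main__":
    base, webroot = build_sample_tree()
    for req in ("/index.html", "/docs/../index.html", "/../secret.txt",
                "/docs/../../secret.txt", "/../webroot-old/backup.txt"):
        naive = os.path.relpath(resolve_naive(webroot, req), base)
        verdict = "served" if resolve_safe(webroot, req) else "rejected"
        print(f"{req:30} naive -> {naive:26} safe -> {verdict}")
```

A request such as `/docs/../index.html` is still served, because the decision is made on the canonical path rather than on the presence of "../" in the request.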


 

Copyright 2010, SecurityFocus