Directory traversal in multiple Web-servers - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

Directory traversal in multiple Web-servers
updated since 05.02.2001
Published: 03.10.2003
Source: BUGTRAQ
SecurityVulns ID: 971
Type: remote
Level: 6/10
Description: It's possible to leave web root by using directory traversal.

Affected: JANA : jana 1.45
SAVANT : Savant Web Server 2.1
ITAFRICA : WebActive 1.0
ROXEN : Roxen 2.0
CAUCHO : Resin 1.2
GOAHEAD : GoAhead Webserver 2.1
FRASSETTO : SEDUM HTTP Server 2.0
FREEJAVA : Free Java Web Server 1.0
Picserver
BIBLIOSCAPE : BiblioWeb Server 2.0
SOFTLITE : ServerWorx 3.00
AOL : AOLserver 3.2
TD : tdhttp
PI3 : Pi3Web 1.0
A1 : A1 Server 1.0
ORANGE : Orange Web Server 2.1
SAPIO : WebReflex 1.55
IBM : WCS4.0
IBM : IBM Application Server 3.0
JavaServer Web Dev Kit 1.0
JAKARTA : Tomcat 3.0
JAKARTA : Tomcat 3.2
ROBTEX : Viking 1.07
LOTUS : Domino 4.6
Perl Web Server 0.3
DATAWIZARD : WebXQ 2.1
FREEPEERS : BearShare 2.2
BRS : WebWeaver 0.63
JANA : jana 1.46
JANA : jana 2.0
CGI : PHProjekt 2.1
PACIFIC : Carello E-Commerce 1.2
1C : Arcadia
SNAPSTREAM : Snapstream PVS
ROXEN : Roxen 2.1
MDG : ACI-4D 6.7
APRELIUM : Abyss Webserver 1.0
SWSERVER : SWServer 2.2
RADIOBIRD : WebServer 4 Everyone 1.22
TINYHTTPD : tinyhttpd 0.1
DINO : Dino's WebServer 1.2
DB4WEB : DB4Web
MONKEY : monkey 0.1
SUN : SunONE Starter Kit 2.0
ASTAWARE : ASTAware SearchDisk 2002
MINISERVER : Mini Server 2.1
KEYFOCUS : KF Web Server 2.0
PWINS : pWins 0.2
MYSERVER : myserver 0.2
MINIHTTPSERVER : File-Sharing for NET 1.5

Original document Bahaa Naamneh, Minihttpserver File-Sharing for NET Directory Traversal Vulnerability (03.10.2003)

dong-h0un U, Directory traversing bug in 'myServer' webserver. (11.12.2002)

Matthew Wagenknecht, pWins Perl Web Server Directory Transversal Vulnerability (28.11.2002)

Matthew Murphy, KeyFocus KF Web Server File Disclosure Vulnerability (14.11.2002)

document dong-h0un U, Multiple vulnerabilities in Tiny HTTPd (12.11.2002)

Marc Ruef, Directory traversal in Daniel Arenz' Mini Server (15.10.2002)

SECURITEAM, [NT] BearShare Directory Traversal Issue Resurfaces (02.10.2002)

ET LoWNOISE, [LoWNOISE] "Get Knowledge" SunONE Starter Kit - Sun Microsystems/Astaware (30.09.2002)

document DownBload, IIL Advisory: Reverse traversal vulnerability in Monkey (0.1.4) HTTP server (30.09.2002)

Stefan.Bagdohn_(at)_guardeonic.com, Advisory: File disclosure in DB4Web (18.09.2002)

UkR-XblP, advisory (05.09.2002)

UkR-XblP, advisory (05.09.2002)

Auriemma Luigi, SWServer 2.2 directory traversal bug (29.08.2002)

document Auriemma Luigi, Abyss 1.0.3 directory traversal and administration bugs (23.08.2002)

Matt Moore, wp-02-0001: GoAhead Web Server Directory Traversal + Cross Site Scripting (11.07.2002)

Jeremy Roberts, Abyss Webserver 1.0 Administration password file retrieval exploit (10.04.2002)

document Phuong Nguyen, JWSDK *add-on (21.08.2001)

Kevin Finisterre, ACI 4D WebServer Directory traversal. (21.08.2001)

ROXEN, Roxen security alert: URL decoding vulnerable (03.08.2001)

john_(at)_interrorem.com, Snapstream PVS vulnerability (27.07.2001)

MC GaN, NERF Advisory #2 - 1C:Arcadia multiple vulnerablilities. (22.06.2001)

document Peter Gründl, def-2001-25: Carello E-Commerce Arbitrary Command Execution (15.05.2001)

HEXYN, Hexyn / Securax Advisory #18 - Savant WWW Unicode Directory Traversal (14.05.2001)

Albrecht Guenther, security hole in os groupware suite PHProjekt (14.05.2001)

neme-dhc_(at)_HUSHMAIL.COM, Advisory for Jana server (14.05.2001)

document joetesta_(at)_HUSHMAIL.COM, Vulnerabilities in BRS WebWeaver (03.05.2001)

Aviram Jenik, A Serious Security Vulnerability Found in BearShare (Directory Traversal) (03.05.2001)

joetesta_(at)_HUSHMAIL.COM, Vulnerability in WebXQ Server (27.04.2001)

neme-dhc_(at)_HUSHMAIL.COM, Advisory for perl webserver (25.04.2001)

document joetesta_(at)_HUSHMAIL.COM, Vulnerability in Viking Web Server (24.04.2001)

neme-dhc_(at)_HUSHMAIL.COM, Advisory for Viking (18.04.2001)

CHINANSL, CHINANSL Security Advisory(CSA-200105) (29.03.2001)

CHINANSL, CHINANSL Security Advisory(CSA-200106) (29.03.2001)

CHINANSL, CHINANSL Security Advisory(CSA-200107) (29.03.2001)

document slipy_(at)_B10Z.NET, WebReflex 1.55 HTTPd DoS (28.02.2001)

slipy@B10Z.NET, Orange Web Server v2.1 DoS (28.02.2001)

slipy@B10Z.NET, A1 Server v1.0a HTTPd (DoS & Dir Traversal) (28.02.2001)

slipy_(at)_B10Z.NET, The Simple Server HTTPd Directory Traversal (27.02.2001)

document slipy_(at)_B10Z.NET, WEBactive HTTP Server 1.0 Directory Traversal (17.02.2001)

joetesta_(at)_HUSHMAIL.COM, Vulnerabilities in Pi3Web Server (16.02.2001)

joetesta_(at)_HUSHMAIL.COM, Vulnerability in Resin Webserver (16.02.2001)

UkR-XblP, tdhttp transversal bug (13.02.2001)

document joetesta_(at)_HUSHMAIL.COM, Vulnerability in AOLserver (08.02.2001)

joetesta_(at)_HUSHMAIL.COM, Vulnerability in Soft Lite ServerWorx (08.02.2001)

joetesta_(at)_HUSHMAIL.COM, Vulnerability in Free Java Web Server (06.02.2001)

joetesta_(at)_HUSHMAIL.COM, Vulnerabilities in BiblioWeb Server (06.02.2001)

document joetesta_(at)_HUSHMAIL.COM, Vulnerability in Picserver (06.02.2001)

joetesta_(at)_HUSHMAIL.COM, Vulnerability in SEDUM HTTP Server (05.02.2001)

Discuss: Read or add your comments to this news (0 comments)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin