ID
VAR-E-200704-0606
TITLE
Miniwebsvr Server Directory Traversal Vulnerability
Trust: 0.3
DESCRIPTION
Miniwebsvr is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input.
An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable system in the context of the affected application. Information obtained may aid in further attacks.
Note that the attacker can traverse to only one directory above the current working directory of the webserver application.
Miniwebsvr 0.0.7 is vulnerable to this issue; other versions may also be affected.
UPDATE (March 4, 2008): Miniwebsvr 0.0.9a is also reported vulnerable.
Trust: 0.3
AFFECTED PRODUCTS
vendor: | mini | model: | web server mini web server a | scope: | eq | version: | 0.0.9 | Trust: 0.3 |
vendor: | mini | model: | web server mini web server | scope: | eq | version: | 0.0.7 | Trust: 0.3 |
EXPLOIT
Attackers can use a browser to exploit this issue.
The following exploits are available:
Bullet list:
<li><a href="/data/vulnerabilities/exploits/23413.html">/data/vulnerabilities/exploits/23413.html</a></li>
<li><a href="/data/vulnerabilities/exploits/23413.py">/data/vulnerabilities/exploits/23413.py</a></li>
Trust: 0.3
PRICE
Free
Trust: 0.3
TYPE
Input Validation Error
Trust: 0.3
CREDITS
shinnai is credited with the discovery of this vulnerability.
Trust: 0.3
EXTERNAL IDS
db: | BID | id: | 23413 | Trust: 0.3 |
REFERENCES
url: | http://miniwebsvr.sourceforge.net/ | Trust: 0.3 |
SOURCES
db: | BID | id: | 23413 |
LAST UPDATE DATE
2022-07-27T09:46:17.921000+00:00
SOURCES UPDATE DATE
db: | BID | id: | 23413 | date: | 2008-03-04T16:02:00 |
SOURCES RELEASE DATE
db: | BID | id: | 23413 | date: | 2007-04-11T00:00:00 |