Details of VAR-201004-0511

ID

VAR-201004-0511

TITLE

Mini Web Server Cross-Site Scripting and Directory Traversal Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2010-0743

DESCRIPTION

Mini Web Server is an easy to use web server. Mini Web Server does not properly handle user-submitted requests, and remote attackers can exploit vulnerabilities for cross-site scripting and directory traversal attacks. The target user's sensitive information or any file content on the system can be obtained. Exploiting these issues will allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, and to view arbitrary local files and directories within the context of the webserver. This may let the attacker steal cookie-based authentication credentials and other harvested information may aid in launching further attacks

Trust: 0.81

sources: CNVD: CNVD-2010-0743 // BID: 39780

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2010-0743

AFFECTED PRODUCTS

vendor:

mini

model:

web server mini web server

scope:

version:

1.0

Trust: 0.9

sources: CNVD: CNVD-2010-0743 // BID: 39780

THREAT TYPE

network

Trust: 0.3

sources: BID: 39780

TYPE

Input Validation Error

Trust: 0.3

sources: BID: 39780

EXTERNAL IDS

db:	BID	id:	39780	Trust: 0.9
db:	CNVD	id:	CNVD-2010-0743	Trust: 0.6

sources: CNVD: CNVD-2010-0743 // BID: 39780

REFERENCES

url:	http://www.securityfocus.com/bid/39780/	Trust: 0.6
url:	http://www.jibble.org/miniwebserver/	Trust: 0.3

sources: CNVD: CNVD-2010-0743 // BID: 39780

CREDITS

cp77fk4r

Trust: 0.3

sources: BID: 39780

SOURCES

db:	CNVD	id:	CNVD-2010-0743
db:	BID	id:	39780

LAST UPDATE DATE

2022-05-17T02:09:18.291000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2010-0743	date:	2010-04-30T00:00:00
db:	BID	id:	39780	date:	2010-04-28T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2010-0743	date:	2010-04-30T00:00:00
db:	BID	id:	39780	date:	2010-04-28T00:00:00