发布时间 :2003-11-17 00:00:00
修订时间 :2008-09-10 15:20:35

[原文]Directory traversal vulnerability in webfs before 1.20 allows remote attackers to read arbitrary files via .. (dot dot) sequences in a Hostname header.

[CNNVD]WebFS HTTP服务程序信息泄露漏洞(CNNVD-200311-082)

        当程序使用虚拟主机时,如果远程客户端请求中 指定".."为主机名,可导致返回文档ROOT目录中的目录列表或文件信息。攻击者可以结合其他漏洞对系统进行进一步攻击。

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: NONE [不会对系统完整性产生影响]
可用性影响: NONE [对系统可用性无影响]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)


- OVAL (用于检测的技术细节)


- 官方数据库链接
(官方数据源) MITRE
(官方数据源) NVD
(官方数据源) CNNVD

- 其它链接及资源

- 漏洞信息

WebFS HTTP服务程序信息泄露漏洞
中危 输入验证
2003-11-17 00:00:00 2005-10-20 00:00:00
        当程序使用虚拟主机时,如果远程客户端请求中 指定".."为主机名,可导致返回文档ROOT目录中的目录列表或文件信息。攻击者可以结合其他漏洞对系统进行进一步攻击。

- 公告与补丁


- 漏洞信息 (F31729)

DSA-392-1 (PacketStormID:F31729)
2003-09-29 00:00:00

Debian Security Advisory DSA 392-1 - webfs has been found vulnerable to buffer overflows and multiple directory traversal attacks.

- 漏洞信息

webfs Arbitrary File and Directory Access
Remote / Network Access Input Manipulation
Loss of Confidentiality, Loss of Integrity

- 漏洞描述

webfs contains a flaw that allows a remote attacker to access arbitrary files outside of the web path. The issue is due to the software not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the "hostname" variable(s).

- 时间线

2003-09-30 Unknow
Unknow Unknow

- 解决方案

Upgrade to version 1.20 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Webfs HTTP Server Information Disclosure Vulnerability
Input Validation Error 8724
Yes No
2003-09-29 12:00:00 2009-07-11 11:56:00
The discovery of this vulnerability has been credited to Jens Steube.

- 受影响的程序版本

WebFS WebFS 1.20
WebFS WebFS 1.19
WebFS WebFS 1.18
WebFS WebFS 1.17
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0

- 漏洞讨论

An information disclosure vulnerability has been discovered in Webfs HTTP server. The problem occurs due to insufficient sanitization of user-supplied hostnames when accessing virtual hosts. As a result, an attacker may be capable of viewing the contents of directories and files outside of the established web root.

This issue may only exist if the server has been configured to use virtual hosting.

- 漏洞利用

No exploit required.

- 解决方案

Debian has released a security advisory (DSA-392-1) and fixes which address this and other issues in WebFS. Users are advised to upgrade their installations as soon as possible.

WebFS WebFS 1.17

- 相关参考