CVE-2004-0173
CVSS5.0
发布时间 :2004-04-15 00:00:00
修订时间 :2016-10-17 22:41:23
NMCOE    

[原文]Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.


[CNNVD]Apache Cygwin远程目录遍历漏洞(CNNVD-200404-031)

        
        Apache cygwin是一款可在Windows平台上进行应用的环境。
        Apache httpd在cygwin环境上对部分请求缺少充分过滤,远程攻击者可以利用这个漏洞进行目录遍历攻击。
        提交包含多个对'../'进行URI编码的请求给cygwin环境上的Apache httpd,可绕过WEB ROOT限制,以WEB进程权限在系统上查看任意文件内容。
        

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)

cpe:/a:apache:http_server:0.8.14Apache Software Foundation Apache HTTP Server 0.8.14
cpe:/a:apache:http_server:1.0.2Apache Software Foundation Apache HTTP Server 1.0.2
cpe:/a:apache:http_server:1.1.1Apache Software Foundation Apache HTTP Server 1.1.1
cpe:/a:apache:http_server:0.8.11Apache Software Foundation Apache HTTP Server 0.8.11
cpe:/a:apache:http_server:1.0Apache Software Foundation Apache HTTP Server 1.0
cpe:/a:apache:http_server:1.2.5Apache Software Foundation Apache HTTP Server 1.2.5
cpe:/a:apache:http_server:1.0.5Apache Software Foundation Apache HTTP Server 1.0.5
cpe:/a:apache:http_server:1.2Apache Software Foundation Apache 1.2
cpe:/a:apache:http_server:1.1Apache Software Foundation Apache HTTP Server 1.1
cpe:/a:apache:http_server:1.0.3Apache Software Foundation Apache HTTP Server 1.0.3
cpe:/a:apache:http_server:1.3Apache Software Foundation Apache HTTP Server 1.3

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0173
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0173
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200404-031
(官方数据源) CNNVD

- 其它链接及资源

http://issues.apache.org/bugzilla/show_bug.cgi?id=26152
(UNKNOWN)  CONFIRM  http://issues.apache.org/bugzilla/show_bug.cgi?id=26152
http://lists.grok.org.uk/pipermail/full-disclosure/2004-February/017740.html
(UNKNOWN)  FULLDISC  20040224 STG Security Advisory: [SSA-20040217-06] Apache for cygwin directory traversal vulnerability
http://marc.info/?l=bugtraq&m=107765545431387&w=2
(UNKNOWN)  BUGTRAQ  20040224 STG Security Advisory: [SSA-20040217-06] Apache for cygwin
http://www.apacheweek.com/issues/04-03-12
(UNKNOWN)  CONFIRM  http://www.apacheweek.com/issues/04-03-12
http://www.securityfocus.com/bid/9733
(VENDOR_ADVISORY)  BID  9733
http://xforce.iss.net/xforce/xfdb/15293
(VENDOR_ADVISORY)  XF  apache-cygwin-directory-traversal(15293)

- 漏洞信息

Apache Cygwin远程目录遍历漏洞
中危 未知
2004-04-15 00:00:00 2005-10-12 00:00:00
远程  
        
        Apache cygwin是一款可在Windows平台上进行应用的环境。
        Apache httpd在cygwin环境上对部分请求缺少充分过滤,远程攻击者可以利用这个漏洞进行目录遍历攻击。
        提交包含多个对'../'进行URI编码的请求给cygwin环境上的Apache httpd,可绕过WEB ROOT限制,以WEB进程权限在系统上查看任意文件内容。
        

- 公告与补丁

        厂商补丁:
        Apache Software Foundation
        --------------------------
        目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
        Apache Software Foundation Apache 1.3.29:
        Apache Software Foundation Patch Apache cygwin 1.3.29 patch
        
        http://nagoya.apache.org/bugzilla/showattachment.cgi?attach_id=10222

- 漏洞信息 (23751)

Apache Cygwin 1.3.x/2.0.x Directory Traversal Vulnerability (EDBID:23751)
windows remote
2004-02-24 Verified
0 Jeremy Bae
N/A [点击下载]
source: http://www.securityfocus.com/bid/9733/info

It has been reported that Apache may be prone to a directory traversal vulnerability that may allow a remote attacker to access information outside the server root directory. This issue is only reported to present itself in Apache running on cygwin platforms. A remote attacker may traverse outside the server root directory by using encoded '\..' character sequences.

http://www.example.com/%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cboot.ini
http://www.example.com/..%5C..%5C..%5C..%5C..%5C..%5C/boot.ini		

- 漏洞信息

4037
Apache HTTP Server on Cygwin Encoded GET Request Arbitrary File Access
Remote / Network Access Information Disclosure
Loss of Confidentiality
Exploit Public

- 漏洞描述

Apache Webserver contains a flaw that allows a remote attacker to to access arbitrary files outside of the web path. The issue is due to the server not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the URI.

- 时间线

2004-02-24 2004-02-24
2004-02-24 Unknow

- 解决方案

Currently, there are no known workarounds or upgrades to correct this issue. However, Apache Software Foundation has released a patch to address this vulnerability.

- 相关参考

- 漏洞作者

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站