CVE-2006-0814
CVSS5.0
发布时间 :2006-03-06 16:02:00
修订时间 :2011-03-07 21:30:51
NMCOPS    

[原文]response.c in Lighttpd 1.4.10 and possibly previous versions, when run on Windows, allows remote attackers to read arbitrary source code via requests that contain trailing (1) "." (dot) and (2) space characters, which are ignored by Windows, as demonstrated by PHP files.


[CNNVD]Lighttpd远程脚本源码泄露漏洞(CNNVD-200603-045)

        Lighttpd是一款轻型的开放源码Web Server软件包。
        Lighttpd Web Server没有正确的验证用户在URL中提供的文件名扩展,允许攻击者可以通过包含有"."和空格字符的请求检索脚本文件(如PHP)的源码。

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: NONE [不会对系统完整性产生影响]
可用性影响: NONE [对系统可用性无影响]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/a:lighttpd:lighttpd:1.0.3
cpe:/a:lighttpd:lighttpd:1.1.2
cpe:/a:lighttpd:lighttpd:1.4.0
cpe:/a:lighttpd:lighttpd:1.2.5
cpe:/a:lighttpd:lighttpd:1.3.0
cpe:/a:lighttpd:lighttpd:1.1.8
cpe:/a:lighttpd:lighttpd:1.4.2
cpe:/a:lighttpd:lighttpd:1.1.3
cpe:/a:lighttpd:lighttpd:1.3.10
cpe:/a:lighttpd:lighttpd:1.1.4
cpe:/a:lighttpd:lighttpd:1.3.5
cpe:/a:lighttpd:lighttpd:1.4.7lighttpd 1.4.7
cpe:/a:lighttpd:lighttpd:1.3.8
cpe:/a:lighttpd:lighttpd:1.3.13
cpe:/a:lighttpd:lighttpd:1.4.9lighttpd 1.4.9
cpe:/a:lighttpd:lighttpd:1.3.16lighttpd 1.3.16
cpe:/a:lighttpd:lighttpd:1.1.0
cpe:/a:lighttpd:lighttpd:1.3.2
cpe:/a:lighttpd:lighttpd:1.3.11
cpe:/a:lighttpd:lighttpd:1.1.7
cpe:/a:lighttpd:lighttpd:1.3.9
cpe:/a:lighttpd:lighttpd:1.2.2
cpe:/a:lighttpd:lighttpd:1.3.4
cpe:/a:lighttpd:lighttpd:1.1.1
cpe:/a:lighttpd:lighttpd:1.4.6lighttpd 1.4.6
cpe:/a:lighttpd:lighttpd:1.3.6
cpe:/a:lighttpd:lighttpd:1.1.6
cpe:/a:lighttpd:lighttpd:1.4.3lighttpd 1.4.3
cpe:/a:lighttpd:lighttpd:1.3.15
cpe:/a:lighttpd:lighttpd:1.3.1
cpe:/a:lighttpd:lighttpd:1.2.3
cpe:/a:lighttpd:lighttpd:1.2.4
cpe:/a:lighttpd:lighttpd:1.4.8lighttpd 1.4.8
cpe:/a:lighttpd:lighttpd:1.3.12
cpe:/a:lighttpd:lighttpd:1.2.7
cpe:/a:lighttpd:lighttpd:1.4.4lighttpd 1.4.4
cpe:/a:lighttpd:lighttpd:1.4.1
cpe:/a:lighttpd:lighttpd:1.3.7
cpe:/a:lighttpd:lighttpd:1.2.8
cpe:/a:lighttpd:lighttpd:1.3.14
cpe:/a:lighttpd:lighttpd:1.1.9
cpe:/a:lighttpd:lighttpd:1.2.6
cpe:/a:lighttpd:lighttpd:1.4.5lighttpd 1.4.5
cpe:/a:lighttpd:lighttpd:1.2.0
cpe:/a:lighttpd:lighttpd:1.3.3
cpe:/a:lighttpd:lighttpd:1.1.5
cpe:/a:lighttpd:lighttpd:1.4.10lighttpd 1.4.10
cpe:/a:lighttpd:lighttpd:1.2.1
cpe:/a:lighttpd:lighttpd:1.0.2

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0814
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-0814
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200603-045
(官方数据源) CNNVD

- 其它链接及资源

http://www.securityfocus.com/archive/1/archive/1/426446/100/0/threaded
(VENDOR_ADVISORY)  BUGTRAQ  20060301 Secunia Research: Lighttpd Script Source Disclosure Vulnerability
http://secunia.com/secunia_research/2006-9/advisory/
(VENDOR_ADVISORY)  MISC  http://secunia.com/secunia_research/2006-9/advisory/
http://secunia.com/advisories/18886
(VENDOR_ADVISORY)  SECUNIA  18886
http://xforce.iss.net/xforce/xfdb/24976
(UNKNOWN)  XF  lighttpd-source-code-disclosure(24976)
http://www.vupen.com/english/advisories/2006/0782
(UNKNOWN)  VUPEN  ADV-2006-0782
http://www.osvdb.org/23542
(UNKNOWN)  OSVDB  23542
http://trac.lighttpd.net/trac/changeset/1005
(UNKNOWN)  CONFIRM  http://trac.lighttpd.net/trac/changeset/1005
http://www.securityfocus.com/bid/16893
(UNKNOWN)  BID  16893
http://securitytracker.com/id?1015703
(UNKNOWN)  SECTRACK  1015703
http://securityreason.com/securityalert/523
(UNKNOWN)  SREASON  523

- 漏洞信息

Lighttpd远程脚本源码泄露漏洞
中危 设计错误
2006-03-06 00:00:00 2006-03-07 00:00:00
远程  
        Lighttpd是一款轻型的开放源码Web Server软件包。
        Lighttpd Web Server没有正确的验证用户在URL中提供的文件名扩展,允许攻击者可以通过包含有"."和空格字符的请求检索脚本文件(如PHP)的源码。

- 公告与补丁

        目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接:
        http://www.lighttpd.net

- 漏洞信息 (F44313)

secunia-Lighttpd.txt (PacketStormID:F44313)
2006-03-03 00:00:00
Tan Chew Keong  secunia.com
advisory,php
windows
CVE-2006-0814
[点击下载]

Secunia Research has discovered a vulnerability in Lighttpd, which can be exploited by malicious people to disclose potentially sensitive information. The vulnerability is caused due to a validation error of the filename extension supplied by the user in the URL. This can be exploited to retrieve the source code of script files (e.g. PHP) from the server via specially-crafted requests containing dot and space characters. Version affected: Lighttpd version 1.4.10 for Windows. Other versions may also be affected.

====================================================================== 

                     Secunia Research 01/03/2006

        - Lighttpd Script Source Disclosure Vulnerability -

====================================================================== 
Table of Contents

Affected Software....................................................1
Severity.............................................................2
Description of Vulnerability.........................................3
Solution.............................................................4
Time Table...........................................................5
Credits..............................................................6
References...........................................................7
About Secunia........................................................8
Verification.........................................................9

====================================================================== 
1) Affected Software 

* Lighttpd version 1.4.10 for Windows.

Other versions may also be affected.

====================================================================== 
2) Severity 

Rating: Moderately Critical
Impact: Exposure of sensitive information
Where:  Remote

====================================================================== 
3) Description of Vulnerability

Secunia Research has discovered a vulnerability in Lighttpd, which
can be exploited by malicious people to disclose potentially sensitive
information.

The vulnerability is caused due to a validation error of the filename
extension supplied by the user in the URL. This can be exploited to
retrieve the source code of script files (e.g. PHP) from the server
via specially-crafted requests containing dot and space characters.

====================================================================== 
4) Solution 

Update to version 1.4.10a for Windows.

====================================================================== 
5) Time Table 

15/02/2006 - Initial vendor notification.
16/02/2006 - Initial vendor reply.
01/03/2006 - Public disclosure.

====================================================================== 
6) Credits 

Discovered by Tan Chew Keong, Secunia Research.

====================================================================== 
7) References

The Common Vulnerabilities and Exposures (CVE) project has assigned
CVE-2006-0814 for the vulnerability.

====================================================================== 
8) About Secunia 

Secunia collects, validates, assesses, and writes advisories regarding 
all the latest software vulnerabilities disclosed to the public. These 
advisories are gathered in a publicly available database at the 
Secunia website: 

http://secunia.com/

Secunia offers services to our customers enabling them to receive all 
relevant vulnerability information to their specific system 
configuration. 

Secunia offers a FREE mailing list called Secunia Security Advisories: 

http://secunia.com/secunia_security_advisories/

====================================================================== 
9) Verification 

Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2006-9/advisory/

Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/

======================================================================



    

- 漏洞信息

23542
lighttpd on Windows Crafted Filename Request Script Source Disclosure
Remote / Network Access Input Manipulation
Loss of Confidentiality
Exploit Public, Exploit Commercial Vendor Verified

- 漏洞描述

Lighttpd contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker sends a URL request for a known .php file with "dot" and "space" characters appended to the file extension, which will disclose the requested file's source code resulting in a loss of confidentiality.

- 时间线

2006-03-01 2006-02-15
Unknow Unknow

- 解决方案

Upgrade to version 1.4.10a or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

- 漏洞信息

Lighttpd Remote Script Disclosure Vulnerability
Design Error 16893
Yes No
2006-03-01 12:00:00 2006-03-05 01:26:00
Discovered by Tan Chew Keong, Secunia Research.

- 受影响的程序版本

lighttpd lighttpd 1.4.10
lighttpd lighttpd 1.4.10a

- 不受影响的程序版本

lighttpd lighttpd 1.4.10a

- 漏洞讨论


The 'lighttpd' webserver is prone to an information-disclosure vulnerability. An attacker may obtain the source code of script files.

Scripts may contain sensitive information that may aid in further attacks launched against the target computer.

Versions prior to 1.4.10a of lighttpd for Windows are vulnerable.

- 漏洞利用


This issue can be exploited with a web browser.

- 解决方案


The vendor has reportedly released versions 1.4.10a to address this issue. Please see references for more information.

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站