CVE-2006-0815
CVSS5.0
发布时间 :2006-03-06 18:02:00
修订时间 :2011-03-07 21:30:51
NMCOPS    

[原文]NetworkActiv Web Server 3.5.15 allows remote attackers to read script source code via a crafted URL with a "/" (forward slash) after the file extension.


[CNNVD]NetworkActiv Web Server脚本源码泄露漏洞(CNNVD-200603-043)

        NetworkActiv Web Server是一个基于Windows操作系统的带有一个图形用户界面和一个实时屏幕连接日志的网络服务器软件。
        NetworkActiv Web Server没有正确的验证用户在URL中提供的文件名扩展,允许攻击者可以通过包含有正斜线("/")字符的请求检索脚本文件(如PHP)的源码。

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: NONE [不会对系统完整性产生影响]
可用性影响: NONE [对系统可用性无影响]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0815
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-0815
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200603-043
(官方数据源) CNNVD

- 其它链接及资源

http://www.securityfocus.com/archive/1/archive/1/426461/100/0/threaded
(VENDOR_ADVISORY)  BUGTRAQ  20060301 Secunia Research: NetworkActiv Web Server Script Source DisclosureVulnerability
http://secunia.com/secunia_research/2006-10/advisory
(VENDOR_ADVISORY)  MISC  http://secunia.com/secunia_research/2006-10/advisory
http://secunia.com/advisories/18947
(VENDOR_ADVISORY)  SECUNIA  18947
http://xforce.iss.net/xforce/xfdb/24979
(UNKNOWN)  XF  networkactiv-script-source-disclosure(24979)
http://www.vupen.com/english/advisories/2006/0783
(UNKNOWN)  VUPEN  ADV-2006-0783
http://www.securityfocus.com/bid/16895
(UNKNOWN)  BID  16895
http://www.networkactiv.com/WebServer.html
(UNKNOWN)  CONFIRM  http://www.networkactiv.com/WebServer.html

- 漏洞信息

NetworkActiv Web Server脚本源码泄露漏洞
中危 设计错误
2006-03-06 00:00:00 2006-09-22 00:00:00
远程  
        NetworkActiv Web Server是一个基于Windows操作系统的带有一个图形用户界面和一个实时屏幕连接日志的网络服务器软件。
        NetworkActiv Web Server没有正确的验证用户在URL中提供的文件名扩展,允许攻击者可以通过包含有正斜线("/")字符的请求检索脚本文件(如PHP)的源码。

- 公告与补丁

        目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接:
        http://www.networkactiv.com/WebServer.html

- 漏洞信息 (F44314)

secunia-NetworkActiv.txt (PacketStormID:F44314)
2006-03-03 00:00:00
Tan Chew Keong  secunia.com
advisory,web,php
CVE-2006-0815
[点击下载]

Secunia Research has discovered a vulnerability in NetworkActiv Web Server, which can be exploited by malicious people to disclose potentially sensitive information. The vulnerability is caused due to a validation error of the filename extension supplied by the user in the URL. This can be exploited to retrieve the source code of script files (e.g. PHP) from the server via specially-crafted requests containing the forward slash character. Version affected: NetworkActiv Web Server 3.5.15. Other versions may also be affected.

====================================================================== 

                     Secunia Research 01/03/2006

  - NetworkActiv Web Server Script Source Disclosure Vulnerability -

====================================================================== 
Table of Contents

Affected Software....................................................1
Severity.............................................................2
Description of Vulnerability.........................................3
Solution.............................................................4
Time Table...........................................................5
Credits..............................................................6
References...........................................................7
About Secunia........................................................8
Verification.........................................................9

====================================================================== 
1) Affected Software 

* NetworkActiv Web Server 3.5.15.

Other versions may also be affected.

====================================================================== 
2) Severity 

Rating: Moderately Critical
Impact: Exposure of sensitive information
Where:  Remote

====================================================================== 
3) Description of Vulnerability

Secunia Research has discovered a vulnerability in NetworkActiv Web
Server, which can be exploited by malicious people to disclose
potentially sensitive information.

The vulnerability is caused due to a validation error of the filename
extension supplied by the user in the URL. This can be exploited to
retrieve the source code of script files (e.g. PHP) from the server
via specially-crafted requests containing the forward slash character.

====================================================================== 
4) Solution 

Update to version 3.5.16.

====================================================================== 
5) Time Table 

21/02/2006 - Initial vendor notification.
21/02/2006 - Initial vendor reply.
01/03/2006 - Public disclosure.

====================================================================== 
6) Credits 

Discovered by Tan Chew Keong, Secunia Research.

====================================================================== 
7) References

The Common Vulnerabilities and Exposures (CVE) project has assigned
CVE-2006-0815 for the vulnerability.

====================================================================== 
8) About Secunia 

Secunia collects, validates, assesses, and writes advisories regarding 
all the latest software vulnerabilities disclosed to the public. These 
advisories are gathered in a publicly available database at the 
Secunia website: 

http://secunia.com/

Secunia offers services to our customers enabling them to receive all 
relevant vulnerability information to their specific system 
configuration. 

Secunia offers a FREE mailing list called Secunia Security Advisories: 

http://secunia.com/secunia_security_advisories/

====================================================================== 
9) Verification 

Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2006-10/advisory/

Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/

======================================================================



    

- 漏洞信息

23543
NetworkActiv Web Server Crafted Filename Request Script Source Disclosure
Remote / Network Access Information Disclosure
Loss of Confidentiality Upgrade
Vendor Verified

- 漏洞描述

Unknown or Incomplete

- 时间线

2006-03-01 2006-02-21
Unknow Unknow

- 解决方案

Upgrade to version 3.5.16 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

NetworkActiv Web Server Remote Script Disclosure Vulnerability
Design Error 16895
Yes No
2006-03-01 12:00:00 2006-03-05 02:11:00
Discovered by Tan Chew Keong, Secunia Research.

- 受影响的程序版本

NetworkActiv NetworkActiv Web Server 3.5.15
NetworkActiv NetworkActiv Web Server 3.5.14
NetworkActiv NetworkActiv Web Server 3.5.13
NetworkActiv NetworkActiv Web Server 3.0.1 .1
NetworkActiv NetworkActiv Web Server 3.5.16

- 不受影响的程序版本

NetworkActiv NetworkActiv Web Server 3.5.16

- 漏洞讨论


NetworkActiv Web Server is prone to an information-disclosure vulnerability. An attacker may obtain the source code of script files.

Scripts may contain sensitive information that may aid in further attacks launched against the target computer.

NetworkActiv Web Server versions prior to 3.5.16 are vulnerable.

- 漏洞利用


This issue can be exploited with a web browser.

- 解决方案


The vendor has reportedly released version 3.5.16 to address this issue. Please see references for more information.

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站