漏洞类别:Web server漏洞等级: 
漏洞信息
GoAhead WebServer is an open-source Web server that supports Active Server Pages, embedded javascript, and SSL authentication and encryption.
A specially crafted URL composed of ".." sequences along with the known filename will disclose the requested file. This vulnerability also enables unauthorized users to execute arbitrary code with root privileges. The specially crafted URL would be composed of ".." sequences, the target directory, and the malicious code.
漏洞危害
Successful exploitation of this vulnerability could enable unauthorized remote users to gain access to sensitive information, such as system files, and password files. This vulnerability could also lead to a complete compromise of the host.
解决方案
We are not aware of any vendor-supplied patches for this issue. You can download the latest version from GoAhead WebServer's Web site.
Sergey Nenashev suggested a workaround for the problem: http://archives.neohapsis.com/archives/bugtraq/2001-02/0022.html .
0day
文章评论