[19041] in bugtraq


Vulnerability in AOLserver

daemon@ATHENA.MIT.EDU (joetesta@HUSHMAIL.COM)
Tue Feb 6 15:04:54 2001

Date:         Tue, 6 Feb 2001 02:31:40 -0800
Reply-To: joetesta@HUSHMAIL.COM
From: joetesta@HUSHMAIL.COM
To: BUGTRAQ@SECURITYFOCUS.COM


Vulnerability in AOLserver



    Overview

AOLserver v3.2 is a web server available from http://www.aolserver.com.
A vulnerability exists which allows a remote user to break out of the
web root using relative paths (i.e. '...').



    Details


AOLserver checks the requested virtual path for any double dots ('..'),
and returns a 'Not Found' error page if any are present.  However, it
does not check for triple dots ('...').  Here is an example URL:

        http://localhost:8000/.../[file outside web root]

Note that this vulnerability has only been tested on the latest stable
release (v3.2) for the Win32 platform.



    Solution

No quick fix is possible.



    Vendor Status

America Online, Inc. was contacted via http://www.aolserver.com/feedback/
on Tuesday, January 30, 2001.  No reply was received.



      - Joe Testa  ( e-mail: joetesta@hushmail.com / AIM: LordSpankatron )




