httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Cui Xiaojing-a13339 <a13...@motorola.com>
Subject [users@httpd] Security vulnerability on Apache web server
Date Wed, 10 Sep 2003 04:29:29 GMT
Hello All,

I was reported two security vulnerability on Apache web server, please see below. Could please
give me a help about how to solve the problem. It is urgent. My Apache version is 1.3. Thanks
a lot.

Regards,
Xiaojing


1. rootdotdot: HTTP "dot dot" sequences 
Additional Information More Information
Port 8080
An attacker can traverse directories on vulnerable Web servers by using "dot dot" sequences
in URLs, allowing the attacker to read any
file on the target HTTP server that is world-readable or readable by the ID of the HTTP process.
For example, a URL of the form
(http://www.domain.com/..\..) allows anyone to browse and download files outside of the Web
server content root directory. URLs such as
(http://www.domain.com/scripts..\..\) script-name could allow an attacker to execute the target
script. An attacker can use a listing of this
directory as additional information for planning a structured attack, or could download files
elsewhere in the file system.

2.HttpTraceEnabled: HTTP TRACE is enabled 
Additional Information More Information
port=80
port=8080
HTTP TRACE support is enabled on the Web server. The HTTP TRACE method as described in RFC
2516 of the HTTP 1.1 standard is
typically used for debugging and network analysis purposes to request the contents of HTTP
request messages received by the Web
server. On Web servers with HTTP TRACE support enabled, a remote attacker could leverage this
functionality with known cross-site
scripting and other Web browser vulnerabilities to obtain sensitive information about the
Web server, including server cookies and
authentication information. This information could then be used by the attacker to launch
further attacks against the affected Web server.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message