
Sedum httpd server 2.0 break out of web root



Vulnerability

    Sedum

Affected

    Sedum httpd server 2.0

Description

    Joe Testa found the following.  A vulnerability exists which allows
    a remote user to break out of the web root using relative paths
    (i.e. '..', '...').

        http://localhost/../[file outside web root]
        http://localhost/.../[file outside web root]

Solution

    No quick fix is possible.  The author, Guido Frassetto, was
    contacted regarding version 1.1 of SEDUM.  He replied promptly
    and stated that version 2.0 is immune to this problem.  However,
    there is absolutely nothing different.
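
    The path check a server needs in order to refuse both request forms
    shown above, as an added example (not Sedum's code and not part of
    the original advisory). The names resolve_in_root and TraversalError
    and the sample request paths are hypothetical.

```python
import os
import tempfile
from urllib.parse import unquote


class TraversalError(ValueError):
    """Request path would resolve outside the web root."""


def resolve_in_root(web_root: str, url_path: str) -> str:
    """Map a URL path to a file path under web_root, or raise TraversalError.

    Hypothetical helper for illustration; not taken from Sedum.
    """
    root = os.path.realpath(web_root)
    decoded = unquote(url_path)  # decode %2e%2e and similar before checking
    if "\x00" in decoded:
        raise TraversalError("NUL byte in path")
    clean = []
    # Treat '\' like '/', since a Windows file API accepts both separators.
    for seg in decoded.replace("\\", "/").split("/"):
        if seg in ("", "."):
            continue  # empty and current-directory segments carry no meaning
        if seg.strip(".") == "":
            # '..', '...', '....': refuse every all-dot segment outright
            # instead of hoping path normalization collapses it.
            raise TraversalError(f"dot segment {seg!r}")
        if ":" in seg:
            # A drive-letter segment would make os.path.join discard the root
            # on Windows.
            raise TraversalError(f"colon in segment {seg!r}")
        clean.append(seg)
    candidate = os.path.realpath(os.path.join(root, *clean))
    # Containment check on the resolved path also catches symlinks that
    # point outside the root.
    if os.path.commonpath([root, candidate]) != root:
        raise TraversalError("resolved outside web root")
    return candidate


if __name__ == "__main__":
    root = tempfile.mkdtemp()  # constructed, empty web root for the demo
    # Constructed request paths, modelled on the two URL forms in the advisory.
    for path in ["/index.html", "/../outside.txt", "/.../outside.txt",
                 "/%2e%2e/outside.txt", "/docs\\..\\..\\outside.txt"]:
        try:
            print(path, "->", resolve_in_root(root, path))
        except TraversalError as exc:
            print(path, "-> rejected:", exc)
```

    Generic normalization such as os.path.normpath leaves a '...'
    segment untouched, which is why the all-dot test is done explicitly.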

