
Soft Lite ServerWorx 3.0 - break out of web root



Vulnerability

    ServerWorx

Affected

    Soft Lite ServerWorx 3.0

Description

    Joe Testa found the following.  A vulnerability exists which allows
    a remote user to break out of the web root using relative paths
    (i.e. '..', '...'):

        http://localhost/../[file outside web root]
        http://localhost/.../[file outside web root]

Solution

    If you run ServerWorx 5.0 instead, you will see that any attempt
    to access a file outside the web root shows an "access denied"
    message.  The authors have now dropped support for ServerWorx 3
    and suggest that all their users move to the new version.
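
    One way a server can produce that "access denied" result, shown as
    an added example (not ServerWorx code and not part of the original
    advisory).  The names resolve_in_root and AccessDenied, the Windows
    separator handling and the sample file names are assumptions.

```python
import os
from urllib.parse import unquote


class AccessDenied(Exception):
    """The request path would resolve outside the web root."""


def resolve_in_root(web_root, url_path):
    """Return the real file path for url_path, or raise AccessDenied."""
    root = os.path.realpath(web_root)
    # Decode first so that %2e%2e is checked as '..', and drop any query string.
    decoded = unquote(url_path.split("?", 1)[0])
    # Treat '\' like '/' (assumption: the server runs on Windows).
    segments = decoded.replace("\\", "/").split("/")
    kept = []
    for seg in segments:
        if seg in ("", "."):
            continue
        # Reject '..', '...' and any longer dot-only segment outright.
        if set(seg) == {"."}:
            raise AccessDenied(url_path)
        # Reject drive/stream separators and NUL bytes.
        if ":" in seg or "\x00" in seg:
            raise AccessDenied(url_path)
        kept.append(seg)
    candidate = os.path.realpath(os.path.join(root, *kept))
    # Final containment check, after symlinks have been resolved.
    if os.path.commonpath([root, candidate]) != root:
        raise AccessDenied(url_path)
    return candidate


if __name__ == "__main__":
    import tempfile
    # Constructed sample: an empty web root and the request forms from the advisory.
    root = tempfile.mkdtemp()
    for path in ("/index.html", "/../outside.txt", "/.../outside.txt",
                 "/%2e%2e/outside.txt"):
        try:
            print(path, "->", resolve_in_root(root, path))
        except AccessDenied:
            print(path, "-> access denied")
```

    The dot-segment test covers both forms listed in the Description;
    the containment check after realpath() also catches links inside
    the web root that point outside it.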

