Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web :: Apps :: httpd28.htm

Lasso CGI retrieve arbitrary files



Vulnerability

    Lasso CGI

Affected

    Mac OS

Description

    Chuck Shotton posted following.   It has recently been  discovered
    that the Lasso  CGI product from  Blue World Communications,  Inc.
    has a security flaw that can make it possible for any file on  any
    Macintosh web server supporting CGIs to be accessed regardless  of
    security restrictions  imposed by  the web  server.   It should be
    noted that  this problem  with Lasso  will affect  any web  server
    application that has the capability of running this specific  CGI,
    regardless of server vendor.

Solution

    Remove the current Lasso CGI  from active use and replace  it with
    an updated version of Lasso that can be obtained from Blue  World.
    Blue World is aware of the problem and has already created patches
    correcting this behavior. These  updates are available from  their
    web site at:

        http://www.blueworld.com/


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH