COMMAND

    JWALK application server Directory Traversal Vulnerability

SYSTEMS AFFECTED

    JWALK application server version 3.2C9

PROBLEM

    In an advisory by Andy Davis of Information Risk Management Plc
    [http://www.irmplc.com/advisories]:

    --snip--
    Recently, during a penetration test, IRM identified a serious security
    vulnerability in the Jwalk application web server version 3.2C9. It
    appears that by issuing a URL containing unicode characters representing
    "../", directory traversal is possible. IRM used the following URL to
    obtain the Windows password file on the machine in question:

        HTTP://<IP_address>/.%252e/.%252e/.%252e/winnt/repair/sam._

    The server process appears to be running with sufficient privileges to
    read any file on the server (assuming the name and location of this file
    are known).
    --snap--

SOLUTION

    Get JWalk 3.3c4.

    A workaround involves using a different vendor's web server to serve the
    Jwalk application.
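The request above defeats a single round of URL decoding: `%252e` decodes to `%2e`, which decodes again to `.`, so a check for `../` on the once-decoded path sees nothing. The following is an added example, not code from the IRM advisory or the JWalk product: a small Python detector that percent-decodes a requested path until it stops changing, checks whether its `..` segments climb above the document root, and runs that check over constructed web-server log lines (the log lines and file names other than the advisory's URL are made up).

```python
"""Flag percent-encoded and double-encoded "../" traversal in requested paths."""
import re
from urllib.parse import unquote

MAX_DECODE_ROUNDS = 4  # bounded so hostile input cannot keep us decoding forever


def fully_decode(path: str) -> tuple[str, int]:
    """Percent-decode until the result is stable; return (decoded, rounds used).
    '%252e' needs two rounds: %252e -> %2e -> '.'"""
    rounds = 0
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(path)
        if decoded == path:
            break
        path, rounds = decoded, rounds + 1
    return path, rounds


def escapes_root(decoded_path: str) -> bool:
    """True if the '..' segments would climb above the document root."""
    depth = 0
    for seg in decoded_path.replace("\\", "/").split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            depth -= 1
            if depth < 0:          # climbed above '/'
                return True
        else:
            depth += 1
    return False


def classify(raw_path: str) -> str:
    """'ok', 'traversal', or 'double-encoded traversal' (needed >= 2 decode rounds)."""
    decoded, rounds = fully_decode(raw_path)
    if escapes_root(decoded):
        return "double-encoded traversal" if rounds >= 2 else "traversal"
    return "ok"


# Constructed Common Log Format lines (hypothetical host, dates and file names).
LOG_LINES = [
    '192.0.2.10 - - [01/Jan/2001:10:00:00 +0000] "GET /index.html HTTP/1.0" 200 512',
    '192.0.2.10 - - [01/Jan/2001:10:00:01 +0000] "GET /images/../index.html HTTP/1.0" 200 512',
    '192.0.2.77 - - [01/Jan/2001:10:00:02 +0000] "GET /.%252e/.%252e/.%252e/winnt/repair/sam._ HTTP/1.0" 200 4096',
    '192.0.2.77 - - [01/Jan/2001:10:00:03 +0000] "GET /%2e%2e/%2e%2e/config.ini HTTP/1.0" 404 0',
]
LOG_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/\d\.\d"')


def scan_log(lines):
    """Return (request_path, verdict) for every line whose path is not 'ok'."""
    hits = []
    for line in lines:
        m = LOG_RE.search(line)
        if m and (verdict := classify(m.group(1))) != "ok":
            hits.append((m.group(1), verdict))
    return hits
```

The same fully-decode-then-normalise order is what a server-side filter needs as well: reject the request only after decoding has stopped changing the path, never after the first pass.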