BRS WebWeaver multiple vulnerabilities

Secunia Advisory: SA8518
Release Date: 2003-04-04
Critical: Moderately critical
Impact: Exposure of system information, DoS
Where: From remote
Solution Status: Vendor Patch
Software: BRS WebWeaver 1.x
Description:
BRS WebWeaver has been found vulnerable to multiple issues:
The FTP server may be crashed by issuing "cd /aux/aux/". This only affects BRS WebWeaver on a Windows 98 system without the patches described in MS00-017.
By requesting a 2499361-character URL, the server crashes within minutes, consuming all available memory.
Passwords in the users.ini file are not encrypted; they are merely scrambled through a one-to-one mapping to different characters, which does not protect them.
All environment variables are returned by the script '/script/testcgi.exe'.
By attempting to create a new directory with the name of an existing directory, the FTP root path is revealed.

Solution:
Apply the relevant patch from Microsoft (and all other security-related patches).
Use a firewall or proxy server with URL filtering capabilities to filter malicious requests to the HTTP and FTP servers.
Remove the 'testcgi.exe' script.
Do not allow untrusted users local access.
Provided and/or discovered by: euronymous
Other References: http://www.microsoft.com/technet/security/bulletin/MS00-017.asp
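As an added example of the proxy-side URL filtering recommended in the Solution (this is not part of the advisory or of BRS WebWeaver), the following Python filter rejects request paths that match the issues described above: oversized URLs, path components that are reserved DOS device names, and requests for the environment-leaking script. The 8192-byte length limit and the extension from "aux" to the full set of reserved device names are assumptions, as are the function names.

```python
from typing import Optional
from urllib.parse import urlsplit, unquote

# Assumed limit: the advisory reports a crash from a 2499361-character URL;
# legitimate requests are far shorter, so anything above a few KB is dropped.
MAX_URL_LEN = 8192

# Reserved DOS device names. The advisory cites "aux"; the rest are the
# standard set affected by the same class of issue described in MS00-017.
DOS_DEVICES = {"con", "prn", "aux", "nul", "clock$"}
DOS_DEVICES |= {f"com{i}" for i in range(1, 10)}
DOS_DEVICES |= {f"lpt{i}" for i in range(1, 10)}

# Script named in the advisory that returns all environment variables.
BLOCKED_PATHS = {"/script/testcgi.exe"}


def path_components(path: str) -> list:
    """Decode a path and split it into non-empty components ('//' is ignored)."""
    return [c for c in unquote(path).replace("\\", "/").split("/") if c]


def check_path(path: str) -> Optional[str]:
    """Return a rejection reason for an HTTP or FTP path, or None if allowed."""
    if len(path) > MAX_URL_LEN:
        return "url-too-long"
    comps = path_components(path)
    for comp in comps:
        # "AUX.txt" or "aux " still resolve to the device on old Windows,
        # so compare the name before the first dot, trimmed and lower-cased.
        base = comp.split(".", 1)[0].strip().lower()
        if base in DOS_DEVICES:
            return "dos-device-name"
    if ("/" + "/".join(comps).lower()) in BLOCKED_PATHS:
        return "blocked-script"
    return None


def check_http_request_line(line: str) -> Optional[str]:
    """Check the request line 'METHOD target HTTP/x.y' of an inbound request."""
    parts = line.split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return "malformed-request-line"
    # Only the path is inspected; the query string cannot name a device.
    return check_path(urlsplit(parts[1]).path)
```

The same `check_path` can be applied to the argument of FTP `CWD`/`MKD` commands, since the device-name issue is reached through the FTP server in the advisory.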
About this Secunia Advisory:
Please note: the information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.