|
MegaBrowser Multiple Vulnerabilities
|
|
Secunia Advisory:
|
SA8948
|
|
|
Release Date:
|
2003-06-05
|
|
Popularity:
|
4,797 views
|
|
|
Critical:
|
Moderately critical
|
|
Impact:
|
Exposure of system information
Exposure of sensitive information
|
|
Where:
|
From remote
|
|
Solution Status:
|
Unpatched
|
|
| Software: | MegaBrowser
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities 
|
|
Description:
Multiple vulnerabilities have been identified in MegaBrowser allowing malicious people to conduct directory traversal and enumerate valid user accounts.
One problem is that the HTTP service doesn't handle requests with "../" sequences correct. Allowing trivial directory traversal.
The other problem is that the FTP service returns different answers when invalid usernames are supplied compared to valid usernames.
This has been reported for version 0.71b.
Solution:
There is no immediate solution. Use a different web server or implement a firewall or proxy with URL filtering capabilities to filter malicious request. Make sure that all inactive user accounts are disabled and that active accounts uses strong passwords.
Provided and/or discovered by:
JeiAr of GulfTech Computer
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
