web server
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c03025215
Version: 2
HPSBUX02707 SSRT100626 rev.2 - HP-UX Apache Web Server, Remote Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2011-09-26
Last Updated: 2011-10-26
Philipp Krammer reported that he notified the vendor over five years
ago, in January 2003. http://www.securityfocus.com/archive/1/339163
What's new is
1) The vendor has released another major version of the
affected software, Apache web server 2.2, with the same flaw.
2) While no official patch is available (due to the vendor's inaction),
an unofficial patch is now available.
-Peter
http://www.tux.org/~peterw/
- ------------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2010-0012
Synopsis: VMware vCenter Update Manager fix for Jetty Web
server addresses important security vulnerabilities
Issue date: 2010-07-19
Updated on: 2010-07-19 (initial release of advisory)
CVE numbers: CVE-2009-1523 CVE-2009-1524
- ------------------------------------------------------------------------
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02997184
Version: 1
HPSBUX02702 SSRT100606 rev.1 - HP-UX Apache Web Server, Remote Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2011-09-08
Last Updated: 2011-09-08
The reason for security in depth is precisely because no security controls
are foolproof. The point isn't to make a system completely unbreakable,
but to raise the bar for what is required in order to extend their access
beyond what they already control.
Let's take a webserver as an example.
Your webserver only requires ports 80 and 443 listening to the world, so
you deploy a firewall in front of it restricting access to just those
ports.
-----------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2011-0014
Synopsis: VMware vCenter Update Manager fix for Jetty Web server
addresses directory traversal vulnerability
Issue date: 2011-11-17
Updated on: 2011-11-17 (initial release of advisory)
Cisco Security Advisory: Cisco Content Delivery System Internet
Streamer: Web Server Vulnerability
Advisory ID: cisco-sa-20110525-spcdn
Revision 1.0
From: Rohit Patnaik [mailto:quanticle@gmail.com]
Sent: Tuesday, December 15, 2009 6:29 PM
To: Thor (Hammer of God)
Cc: bugtraq@securityfocus.com; full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] File Access Vulnerability in Easy File Sharing Web Server
Wow. Very nice find. One question: all the cited tools are Windows executables. Has there been any attempt to run the database viewer in Linux via Wine? I'm wondering if I'm going to have to set up a VM to try to confirm this, or if I can try to do this via Wine.
Although the n3td3v drama is entertaining, it's finds like this which keep me subscribed to this list.
------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
While doing a quick sweep over the code base of FreeWebshop.org (FWS)
several vulnerabilities have been found in FWS. These vulnerabilities
allow attackers to obtain arbitrary information from the webserver and
database. It is even possible to execute arbitrary code with the
privileges of FWS. In some cases it may even be possible to fully
compromise the system on which FWS is installed. Most of these issues
are related to the fact that FWS fully trusts the content of the cookies
that it receives. These issues were discovered within a very small
> The reason for security in depth is precisely because no security controls
> are foolproof. The point isn't to make a system completely unbreakable,
> but to raise the bar for what is required in order to extend their access
> beyond what they already control.
>
> Let's take a webserver as an example.
>
> Your webserver only requires ports 80 and 443 listening to the world, so
> you deploy a firewall in front of it restricting access to just those
> ports.
>
Impact
None. It was thought to be an arbitrary execution risk, but as noted by
the Secunia Research team, an administrator can change the virtual root
and can upload files to any directory in the web server. This reference
is kept because it is a bug worth noticing and the patch included
within this document patches both bugs.
Preconditions
QO99896
CA Service Desk Dashboard component:
QO99895
CA Service Desk Web Screen Painter component:
QO99894
CA Service Desk Web Server component:
QO99893
CA Service Desk Server component:
QO99892
AIX:
Problem type : local/remote
Debian-specific: no
CVE Id(s) : CVE-2007-3946
Debian Bug : 434888
Several vulnerabilities were discovered in lighttpd, a fast webserver with
minimal memory footprint. The Common Vulnerabilities and Exposures project
identifies the following problems:
CVE-2007-3946
Here, $country is the modified countrycode variable which is stored in the user's
preferences and $NLS_FILE is the name of the requested CGI script without the ».pl«
extension.
Using this attack, an attacker can execute arbitrary code using the privileges of
the webserver user. As the database credentials are stored unencrypted in a file
readable by the webserver user, this in turn means that the attacker is able to get
direct access to the database as well.
The code used for translating strings used in the application executes Perl code from
files whose location is provided by the user. From a design standpoint, executing code
Cisco Security Advisory: CDS Internet Streamer: Web Server Directory
Traversal Vulnerability
Advisory ID: cisco-sa-20100721-spcdn
http://www.cisco.com/warp/public/707/cisco-sa-20100721-spcdn.shtml
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01599836
Version: 1
HPSBTU02382 SSRT080132 rev.1 - HP Secure Web Server for Tru64 UNIX or Internet Express for Tru64 UNIX running PHP, Remote Denial of Service (DoS) or Arbitrary Code Execution
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2008-11-25
Last Updated: 2008-11-25
is used worldwide.
A security vulnerability was discovered in LANDesk Management Suite: a
cross-site request forgery which allows an external remote attacker to
make a command injection that can be used to execute arbitrary code
using the webserver user. As a result, an attacker can remove the
firewall and load a kernel module, allowing root access to the
appliance. It also can be used as a non-persistent XSS.
In order to be able to successfully make the attack, the administrator
must be logged in to the appliance with the browser that the attacker
The first weakness affecting the Cisco CSS is that, in a typical client
certificate configuration, HTTP clients may confuse web applications by
injecting their own certificate headers. When utilizing the CSS to
terminate SSL communications, SSL client certificates are first
authenticated by the CSS. From there, the CSS will normally pass the
client's identity to the back-end web server in the form of several HTTP
headers as shown below:
ClientCert-Subject: XXX
ClientCert-Subject-CN: XXX
ClientCert-Fingerprint: XXX
# LiteSpeed Web Server 4.0.17 w/ PHP Remote Exploit for FreeBSD
# bug discovered & exploited by Kingcope
#
# Dec 2010
# Lame Xploit Tested with success on
# FreeBSD 8.0-RELEASE - LiteSpeed WebServer 4.0.17 Standard & Enterprise x86
# FreeBSD 6.3-RELEASE - LiteSpeed WebServer 4.0.17 Standard & Enterprise x86
# FreeBSD 8.0-RELEASE - LiteSpeed WebServer 4.0.15 Standard x86
# can be used against the admin interface (port 7080), too
# Xploit only works on default lsphp binary not the compiled version
File Access Vulnerability in Easy File Sharing Web Server
Discovered by:
Timothy "Thor" Mullen
Testing by Steve "Raging Haggis" Moffat, Hammer of God, Bermuda Labs
Product: Easy File Sharing Web Server, current versions, default installation
Vendor: http://www.sharing-file.com/
Potential Security Impact: Remote Denial of Service (DoS), unauthorized access
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP-UX running Tomcat-based Servlet Engine. The vulnerabilities could be exploited remotely to cause a Denial of Service (DoS) or unauthorized access. Tomcat-based Servlet Engine is contained in the Apache Web Server Suite.
References: CVE-2008-5515, CVE-2009-0033, CVE-2009-0580, CVE-2009-0781, CVE-2009-0783.
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.11, B.11.23 and B.11.31 running Tomcat-based Servlet Engine v5.5.27.02 or earlier
used to create the online help and HTML documentation for older CA
SiteMinder releases (6.0 SP4 and earlier). This vulnerability
affects CA SiteMinder in the following ways:
* HTML versions of the product documentation for SiteMinder can
be deployed on an individual system or through a web server. If
product documentation has been deployed on a web server the
SiteMinder 6.0 installation is vulnerable.
* Online help systems for SiteMinder are deployed and accessible
through a web server. This vulnerability applies to help systems.
- Baby ASP Server
[Vendor Product Description]
- This program was built as an alternative for Microsoft's IIS. The
main goal was to design a simple web server with support for ASP.
Setting up Baby ASP Web Server is very easy: copy the executable to a
directory of your choice, set the directory of your webpages and it's
ready to run!
[Bug Description]
[DCA-0003]
[Software]
- Simple Web Server
[Vendor Product Description]
- The easy and small way to open an HTTP Web Server. OS
Versions:Windows9x/Me/NT/2000/XP
network access to these devices should be limited to authorized
personnel through the use of Access Control Lists and proper
network segmentation.
Finding 2: Directory Traversal in Camera Web Server
CVE: CVE-2010-4231
The CMNC-200 IP Camera has a built-in web server that
is enabled by default. The server is vulnerable to directory
traversal attacks, allowing access to any file on the
$Config['DeniedExtensions']['File'] = array('php','php2','php3',
'php4','php5','phtml','pwml','inc','asp','aspx','ascx','jsp','cfm',
'cfc','pl','bat','exe','com','dll','vbs','js','reg','cgi') ;
But we really want to upload php scripts to victim webserver ...
Well, let's assume, that we have php file "test.waraxe". As we see,
file extension is "waraxe" :)
Now there is another PoC testfile:
------------>[proof-of-concept]<-----------
QuiXplorer is prone to a local file include and directory traversal
vulnerability because the application fails to sufficiently sanitize
user-supplied input. The parameter 'lang' is not properly sanitized.
Since the application allows files to be uploaded to the server, this could be
combined with the previous vulnerabilities to allow an attacker to execute
arbitrary code remotely in the context of the webserver. This may aid
in launching further attacks.
In order to perform the attack, an attacker could upload malicious PHP
code (upload action is allowed by the application), then
exploit a bug to know the full path to the local file recently
END AFFECTED VERSIONS
RESOLUTION
HP has made the following available to resolve the vulnerability.
HP-UX Apache-based Web Server v.2.18 powered by Apache Tomcat Webmin or subsequent.
The update is available on https://www.hp.com/go/softwaredepot/
Note: HP-UX Apache-based Web Server v.2.18 powered by Apache Tomcat Webmin contains HP-UX Apache-based Web Server v.2.0.59.00.
MANUAL ACTIONS: Yes - Update
Install HP-UX Apache-based Web Server v.2.18 powered by Apache Tomcat Webmin or subsequent.
Author: Stefan Esser [stefan.esser[at]sektioneins.de]
Application: Horde Application Framework <= 3.2.4
Severity: PHP applications using the Horde_Form_Type_image form
element can be tricked into overwriting arbitrary files
writable by the webserver which might result in PHP
remote code execution
Risk: High
Vendor Status: Horde 3.2.5 was released which fixes this vulnerability
Reference: http://www.sektioneins.de/advisories/SE-2009-01.txt
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities in the web server in the Multi-Threaded DAAP
Daemon may lead to the remote execution of arbitrary code.
Background
==========