Bugtraq mailing list archives
Brown Orifice HTTPD Directory Traversal Vulnerability (was Re: Dangerous Java/Netscape Security Hole)
From: "TAKAGI, Hiromitsu" <takagi () ETL GO JP>
Date: Tue, 8 Aug 2000 22:42:37 +0900
=====================================================
Brown Orifice HTTPD Directory Traversal Vulnerability
=====================================================

Background
----------

Brown Orifice HTTPD (BOHTTPD) <http://www.brumleve.com/BrownOrifice/> is
"a web server and file sharing tool" that runs as a Java Applet in
Netscape Navigator.(*1) It was written by Dan Brumleve and was announced
in BugTraq a few days ago.

Problem Description
-------------------

Brumleve's demonstration page politely asks users to specify a directory
on their computer for public access. However, by specifying "\.." in HTTP
requests to the server, an attacker can navigate the server's file system
and view/download any files.

For example,

    http://your-ip-address:8080/C:/temp/\../

or

    http://your-ip-address:8080/C:/temp/%5C../

(for Internet Explorer as a client) will display the contents of the root
directory of the C: drive of the server's computer.

Affected versions and platforms
-------------------------------

This bug has been verified to be present in BOHTTPD 0.1 in Netscape
Navigator 4.72 for Windows.

Workaround
----------

Do not use BOHTTPD. :-)

(*1) This is also a security hole per se, as you know.

Regards,
--
Hiromitsu Takagi
Electrotechnical Laboratory
http://www.etl.go.jp/~takagi/
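Added example, not part of the original post and not BOHTTPD's code: a containment check a file-sharing server can apply to the two request forms quoted above, using Python's ntpath so that Windows path rules (backslash as a separator) apply on any host. The function name, the C:\temp share and the mapping of the URL path onto a file path are assumptions drawn from the example URLs.

```python
import ntpath
from urllib.parse import unquote


def resolve_shared_path(shared_root, url_path):
    """Map a request path to a Windows file path.

    Returns the normalized path, or None if it falls outside shared_root.
    """
    # Decode first, so "%5C.." and a literal "\.." are handled identically.
    decoded = unquote(url_path)
    # Assumed mapping: URL path "/C:/temp/x" names the file C:\temp\x.
    # normpath converts "/" to "\" and collapses "." and ".." components.
    candidate = ntpath.normpath(decoded.lstrip("/"))
    root = ntpath.normpath(shared_root)
    # Windows file names are case-insensitive; compare in normalized case.
    cand_n = ntpath.normcase(candidate)
    root_n = ntpath.normcase(root)
    # Require an exact match or a match up to a separator, so that
    # C:\temp2 is not accepted as being "inside" C:\temp.
    if cand_n == root_n or cand_n.startswith(root_n.rstrip("\\") + "\\"):
        return candidate
    return None


# Constructed sample requests; the second and third are the forms in the post.
SAMPLES = [
    "/C:/temp/docs/readme.txt",
    "/C:/temp/\\../",
    "/C:/temp/%5C../",
    "/C:/temp2/other.txt",
]


def check_samples(shared_root="C:\\temp"):
    """Return (request, resolved path or None) for each constructed sample."""
    return [(s, resolve_shared_path(shared_root, s)) for s in SAMPLES]


if __name__ == "__main__":
    for request, resolved in check_samples():
        print(f"{request!r:32} -> {resolved or 'REJECTED'}")
```

The check runs on the decoded, normalized path, so any filter applied to the raw request string is not what the decision depends on.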