Bugtraq mailing list archives
Advisory for Jana server
From: neme-dhc () hushmail com
Date: Mon, 7 May 2001 19:31:58 -0500 (EDT)
[ Advisory for Jana Webserver ]
[ Site: http://www.janaserver.de ]
[ by nemesystm of the DHC ]
[ (http://dhcorp.cjb.net - neme-dhc () hushmail com) ]
[ ADV-0112 ]

/-|=[explanation]=|-\
Jana Webserver is, well, a webserver. It has a hex-encoded dot dot bug and a denial of service.

/-|=[who is vulnerable]=|-\
Tested to be vulnerable to the hex-encoded dot dot bug are:
Jana Webserver v1.45
Jana Webserver v1.46
All older versions are assumed to be vulnerable as well.

Tested to be vulnerable to the denial of service are:
Jana Webserver v1.45
Jana Webserver v1.46
Jana Webserver v2.0 Beta 1
On Windows 98/ME AND Windows NT 4.0
All older versions are assumed to be vulnerable as well.

/-|=[testing it]=|-\
To test this vulnerability, try the following.
www.server.com/%2e%2e/%2e%2e/%2e%2e/scandisk.log
Add or remove %2e%2e/'s to reflect the directory Jana was installed in.

The denial of service can be tested by requesting
www.server.com/aux

/-|=[fix]=|-\
is fixed in the next release of Jana.
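Added example, not part of the original advisory and not Jana's code: a request-path check of the kind a server needs to stop both issues described above, decoding percent-escapes before looking for dot dot segments and refusing Windows reserved device names such as aux. The function names, the strict reject-on-".." policy and the assumption that the query string has already been stripped are choices made for this sketch.

```python
import re
from urllib.parse import unquote

# Windows reserved device names; a file open on one of these reaches the device, not a file.
_DOS_DEVICE = re.compile(r"^(con|prn|aux|nul|com[1-9]|lpt[1-9])$", re.IGNORECASE)
_PERCENT_ESCAPE = re.compile(r"%[0-9a-fA-F]{2}")


class RejectedPath(ValueError):
    """Raised when a request path must not be mapped onto the filesystem."""


def safe_relative_path(raw_url_path):
    """Return a docroot-relative path for raw_url_path, or raise RejectedPath."""
    # Decode BEFORE any traversal check, so %2e%2e is inspected as '..'.
    decoded = unquote(raw_url_path)
    if _PERCENT_ESCAPE.search(decoded):
        raise RejectedPath("nested percent-encoding")  # e.g. %252e
    if "\x00" in decoded or ":" in decoded:
        raise RejectedPath("illegal character")  # NUL, drive letters, streams
    # Windows accepts '\' as a separator, so treat it like '/'.
    segments = [s for s in decoded.replace("\\", "/").split("/") if s not in ("", ".")]
    for seg in segments:
        if seg == "..":
            raise RejectedPath("parent-directory segment")
        # 'aux', 'AUX.txt' and 'aux ' are all handled here as the device name.
        if _DOS_DEVICE.match(seg.split(".")[0].rstrip(" ")):
            raise RejectedPath("reserved device name")
    return "/".join(segments)


def rejection_reason(raw_url_path):
    """Return the reason a path is refused, or None if it is acceptable."""
    try:
        safe_relative_path(raw_url_path)
    except RejectedPath as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    # First two paths are the advisory's test requests; the rest are constructed samples.
    for path in ("/%2e%2e/%2e%2e/%2e%2e/scandisk.log", "/aux",
                 "/index.html", "/docs/AUX.txt", "/%252e%252e/x"):
        print(f"{path!r:45} -> {rejection_reason(path) or 'ok'}")
```
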