Public Vulnerability Reports

File Disclosure Vulnerability in Simple Web Server

11.08.02

BACKGROUND

As its name suggests, Peter Sandvik's Simple Web Server is a Linux-based web server. More information about it is available at http://www.linuxstuffs.cjb.net.

DESCRIPTION

Restricted files can be remotely accessed because of Simple Web Server's failure to properly handle malformed URL requests for said files. For example, if a standard URL to access a restricted file is http://server.com/secret/file, the altered URL http://server.com///secret/file will bypass any access control on that file, thereby granting unauthorized access to it.

ANALYSIS

The resulting damage from accessing restricted files on the web server is dependent on the actual file accessed and what kind of information is contained within. Simple Web Server is not a widely distributed web server, according to Netcraft.com. As such, the likelihood of widespread exploitation is unlikely.

DETECTION

Simple Web Server 0.5.1, running on Red Hat Linux 7.3, is vulnerable. The vulnerability does not seem to be platform-specific, since it works on Debian Linux 3.0 as well.

WORKAROUND

Migrate to other supported web servers, being the software is no longer actively maintained.

VENDOR RESPONSE

Peter Sandvik said he will suspend work on the project for now, being he "doesn't have time to work on it."

CVE INFORMATION

The Mitre Corp.'s Common Vulnerabilities and Exposures (CVE) Project assigned the identification number CAN-2002-1238 to this issue.

DISCLOSURE TIMELINE

08/29/2002 Issue disclosed to iDEFENSE
09/25/2002 Maintainer, Peter Sandvik notified
09/25/2002 iDEFENSE clients notified
09/25/2002 Response received from Peter Sandvik (peter.sandvik@home.se)
09/26/2002 Started e-mail discussions regarding status of software support
10/31/2002 Last e-mail received regarding status of software support
11/08/2002 Public disclosure

CREDIT

Tamer Sahin (ts@securityoffice.net) discovered this vulnerability.