Info

Last Modified

8 months ago

Percent Complete

100%

Disclosure

Apr 03, 2004

Discovery

Unknown

Dates

Exploit

Apr 03, 2004

Solution

Unknown

Description

Patrice Freydiere's ADA ImgSvr contains a flaw that allows a remote attacker to view files and directory content outside of the web path. The issue is due to the program not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the URI.

Classification

Location: Remote/Network Access Required
Attack Type: Input Manipulation
Impact: Loss of Confidentiality
Exploit: Exploit Available
Disclosure: OSVDB Verified

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

Patrice Freydiere

ADA ImgSvr

0.4

References

Bugtraq ID: 10048
Secunia Advisory ID: 11287
ISS X-Force ID: 15706
CVE ID: 2004-2464 (see also: NVD)
Related OSVDB ID: 4945
Keyword: Directory Traversal
Vendor URL: http://adaimgsvr.sourceforge.net/
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-03/0380.html
Other Advisory URL: http://members.lycos.co.uk/r34ct/main/ADA%20Image%20Server%20(ImgSvr)%200.4.txt
Generic Exploit URL: http://packetstormsecurity.nl/0404-exploits/imgSvr.txt

Manual Testing Notes

Credit

Dr_insane - dr_insanepathfinder.gr - Personal Page

Blogs

Provided by Technorati

None found at this time

Comments

Add Comment Hide Add Comment

Anonymous - 2007/07/11 10:07:32

The packetstormsecurity.nl and archives.neohapsis.com references are entirely about a %00 issue (CVE-2004-1887), not the .. issue (CVE-2004-2464). Id guess that youd<br />either want to delete these two, or else add CVE-2004-1887.

DONATE NOW!

User Status

Account
- Login
- Sign-Up

Quick Searches