7722 : JAWS gadget Variable Arbitrary File Access
Printer | http://osvdb.org/7722 | Email This | Edit Vulnerability

Views This Week

Views All Time

154

Info

Last Modified

10 months ago

Percent Complete

100%

Disclosure

Jul 05, 2004

Discovery

Unknown

Dates

Exploit

Jul 05, 2004

Solution

Unknown

Description

JAWS contains a flaw that allows a remote attacker to read files outside of the web path. The issue is due to the index.php script not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the gadget variable.

Classification

Location: Remote/Network Access Required
Attack Type: Information Disclosure
Impact: Loss of Confidentiality
Exploit: Exploit Available
Disclosure: OSVDB Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, JAWS has released a patch to address this vulnerability.

Products

Jaws	Jaws	0.3
		0.2

References

Security Tracker: 1010651
Bugtraq ID: 10670
ISS X-Force ID: 16620
CVE ID: 2004-2445 (see also: NVD)
Related OSVDB ID: 7720 7721 7723 7724
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0226.html
Vendor Specific Solution URL: http://jaws.com.mx/files/index.php.txt
Vendor URL: http://www.jaws.com.mx/
Other Advisory URL: http://www.securiteam.com/unixfocus/5KP0H0ADFU.html

Tools & Filters

Nessus	16198

Manual Testing Notes

Credit

Fernando Quintero - nandoudea.edu.co - Silence Team

Blogs

Provided by Technorati

None found at this time

Comments

Add Comment Hide Add Comment

No Comments.

DONATE NOW!

User Status

Account
- Login
- Sign-Up

Quick Searches

Views This Week

Views All Time

Info

Last Modified

Percent Complete

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Jaws

Jaws

References

Tools & Filters

Manual Testing Notes

Credit

Blogs

Comments