|
|
Info |
Last Modified |
| 7 months ago |
|
|
|
|
Description |
The TCLHttpd web server contains a directory traversal flaw that may lead to an unauthorized information disclosure. The issue is triggered when a request for directory listing occurs, which will reveal the contents of the directory resulting in a loss of confidentiality.
|
|
Classification |
Location:
Remote/Network Access Required
Attack Type:
Input Manipulation
Impact:
Loss of Confidentiality
Exploit:
Exploit Available
Disclosure:
OSVDB Verified
OSVDB:
Web Related
|
|
Technical |
When a user requests a directory on TCLHttpd server, httpdthread.tcl will start to look for various default index file names in that directory, if none can be
found then it will pass the operation to dirlist.tcl script to do the "fancy" directory listing which provides users the ability to sort files by modify
date, name, size or file's pattern. Dirlist.tcl script does filter inputs from the users in order to prevent directory traversal but it can be easily bypassed if an absolute path was entered. Directory listing is enabled by default.
|
|
Solution |
Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s): by editing the httpdthread.tcl and commenting out the directory listing option. Additionally, it is advisable to disable the following modules to prevent Cross Site Scripting: Status, Debug, Mail and Admin.
|
|
Products |
|
TclHttpd
 |
3.4.2 |
|
|
|
|
Tools & Filters |
|
Nikto
|
3120
3121
|
|
|
|
Credit |
- Phuong Nguyen - dphuong
 yahoo.com -
|
|
BlogsProvided by Technorati
|
None found at this time
|
|
|
