mldonkey-users

[Mldonkey-users] [patch #6754] Http double slash request arbitrary file


From: spiralvoice
Subject: [Mldonkey-users] [patch #6754] Http double slash request arbitrary file access vulnerability
Date: Tue, 24 Feb 2009 18:30:47 +0000
User-agent: Mozilla/5.0 (X11; U; Linux i686; de; rv:1.9.0.6) Gecko/2009020409 Iceweasel/3.0.6 (Debian-3.0.6-1)

URL:
  <http://savannah.nongnu.org/patch/?6754>

                 Summary: Http double slash request arbitrary file access vulnerability
                 Project: mldonkey, a multi-networks file-sharing client
            Submitted by: kyak
            Submitted on: Tue 24 Feb 2009 19:30:44 CET
                Category: None
                Severity: 6 - Security
              Item Group: None
                  Status: None
             Assigned to: None
             Open/Closed: Open
         Discussion Lock: Any
                 Release: 
                 Release: None
        Operating System: None
         Binaries Origin: None
                CPU type: None

    _______________________________________________________

Details:

I can access http://myip:4080//etc/passwd from my browser.

Actually, I can access any file readable by mldonkey; I just need to put a
double slash before the name.

It looks like a thttpd double slash request arbitrary file access
vulnerability CVE-1999-1456.

I am astonished that this has stayed undetected and unfixed for such a
long time.

    _______________________________________________________

Follow-up Comments:


-------------------------------------------------------
Date: Mon 19 Jan 2004 13:37:14 CET   By: Andreas Mueller <amu>
added lib. 

-------------------------------------------------------
Date: Tue 25 Nov 2003 13:06:02 CET   By: -Deleted Account- <lizdeika>
oh
the same for most (maybe all)
apps in "Desktop Preferences"






    _______________________________________________________

Reply to this item at:

  <http://savannah.nongnu.org/patch/?6754>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.nongnu.org/
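
Added example, not part of the original report and not mldonkey's code: one common way a double-slash request such as the one described above escapes the web root, next to a resolver that confines every request to it. The function names, the sample requests and the assumed root cause (stripping a single leading slash before joining) are constructed for illustration; POSIX paths are assumed.

```python
import os
import tempfile

def inside(root, path):
    """True if path, after resolving '..' and symlinks, lies under root."""
    root = os.path.realpath(root)
    return os.path.commonpath([root, os.path.realpath(path)]) == root

def naive_resolve(doc_root, url_path):
    """Assumed vulnerable pattern: strip ONE leading slash, then join.
    '//etc/passwd' is still absolute, so join() silently drops doc_root."""
    rel = url_path[1:] if url_path.startswith("/") else url_path
    return os.path.join(doc_root, rel)

def safe_resolve(doc_root, url_path):
    """Return a real path under doc_root, or None if the request escapes it."""
    root = os.path.realpath(doc_root)
    # Drop every leading slash so the remainder can never be absolute.
    candidate = os.path.realpath(os.path.join(root, url_path.lstrip("/")))
    # Containment is checked on the resolved path, not on the raw string.
    return candidate if inside(root, candidate) else None

def demo():
    """Map each constructed request to (naive stays in root, safe serves it)."""
    requests = ["/index.html", "//etc/passwd", "/../etc/passwd"]
    with tempfile.TemporaryDirectory() as doc_root:
        with open(os.path.join(doc_root, "index.html"), "w") as fh:
            fh.write("ok")
        return {
            req: (inside(doc_root, naive_resolve(doc_root, req)),
                  safe_resolve(doc_root, req) is not None)
            for req in requests
        }

if __name__ == "__main__":
    for req, (naive_ok, safe_ok) in demo().items():
        print(f"{req!r}: naive stays in root={naive_ok}, safe serves={safe_ok}")
```

With the safe resolver, `//etc/passwd` maps to `etc/passwd` beneath the web root (normally a 404) and `/../etc/passwd` is rejected outright.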




