Apache Directory Traversal Vulnerability
SECUNIA ADVISORY ID:
SA10962
VERIFY ADVISORY:
http://secunia.com/advisories/10962/
CRITICAL:
Moderately critical
IMPACT:
Exposure of sensitive information
WHERE:
From remote
SOFTWARE:
Apache 1.3.x
Apache 2.0.x
DESCRIPTION:
Jeremy Bae has reported a vulnerability in Apache running on cygwin, allowing malicious people to view arbitrary files on a vulnerable system.
The problem is that Apache handles "\" that are URL encoded incorrectly before a query is sent to the cygwin platform, which interprets backslashes differently than other platforms.
This has been reported to affect Apache 1.3.29 and prior and Apache 2.0.48 and prior running on the cygwin platform. Other platforms are not known to be affected.
SOLUTION:
A patch has been published for Apache 1.3.29:
PROVIDED AND/OR DISCOVERED BY:
Jeremy Bae, STG Security.
For further details and links please click here to see the actual Secunia Advisory: http://secunia.com/advisories/10962/
