Advisories : Directory Traversal Possible & Denial of Service in Worm HTTP Server

main menu

- feedback
- advertising
- privacy
- FightAIDS
- newsletter
- news

discussions

- read forum
- new topic
- search

meetings

- meetings list
- recent additions
- add your info

top 100 sites

- visit top sites
- sign up now
- members

webmasters

- add your url
- add domain
- search box
- link to us

projects

- our projects
- free email

m4d network

- security software
- secureroot
- m4d.com

Home : Advisories : Directory Traversal Possible & Denial of Service in Worm HTTP Server

Title:	Directory Traversal Possible & Denial of Service in Worm HTTP Server
Released by:	Delphis
Date:	25th August 2000
Printable version:	Click here

============================================================================

    Delphis Consulting Plc

============================================================================



   Security Team Advisories

       [25/08/2000]



    securityteam@delphisplc.com

  [http://www.delphisplc.com/thinking/whitepapers/]



============================================================================

Adv     :       DST2K0023

Title   :       Directory Traversal Possible & Denial of Service in Worm

HTTP Server

Author  :       DCIST (securityteam@delphisplc.com)

O/S     :       Microsoft Windows NT v4.0 Workstation (SP6)

Product :       Worm HTTP Server v1.0

Date    :       25/08/2000



I.    Description



II.   Solution



III.  Disclaimer





============================================================================



I. Description

============================================================================



Vendor URL: http://www.wormonline.com/software.htm



Delphis Consulting Internet Security Team (DCIST) discovered the following

vulnerabilities in Worm HTTP Server under Windows NT.



Severity: medium



It is possible to cause a denial of service by passing a very log filename

in the url. This causes the Worm HTTP server to crash with a 'runtime error'

causeing denial of service.



Severity: high



It is possible to traverse directories lower than the web root by knowing

the exact path and filename of the file you wish to retrieve. This is

done by executing the double-dot-bug similar to other web servers.



II. Solution

============================================================================



Vendor Status: Informed



The work around for the directory traversal exploit will only work under

WindowsNT. Due to the fact that the Worm HTTP server runs as the useraccount



which started it allows you to set appropriate NTFS permissions to limit the



files the webserver is able to access.



III. Disclaimer

============================================================================

THE INFORMATION CONTAINED IN THIS ADVISORY IS BELIEVED TO BE ACCURATE AT

THE TIME OF PRINTING, BUT NO REPRESENTATION OR WARRANTY IS GIVEN, EXPRESS OR

IMPLIED, AS TO ITS ACCURACY OR COMPLETENESS.  NEITHER THE AUTHOR NOR THE

PUBLISHER ACCEPTS ANY LIABILITY WHATSOEVER FOR ANY DIRECT, INDIRECT OR

CONSEQUENTIAL LOSS OR DAMAGE ARISING IN ANY WAY FROM ANY USE OF, OR RELIANCE

PLACED ON, THIS INFORMATION FOR ANY PURPOSE.

============================================================================

This e-mail and any files transmitted with it are intended solely for the

addressee and are confidential. They may also be legally

privileged.Copyright in them is reserved by Delphis Consulting PLC

["Delphis"] and they must not be disclosed to, or used by, anyone other than

the addressee.If you have received this e-mail and any accompanying files in

error, you may not copy, publish or use them in any way and you should

delete them from your system and notify us immediately.E-mails are not

secure.  Delphis does not accept responsibility for changes to e-mails that

occur after they have been sent.  Any opinions expressed in this e-mail may

be personal to the author and may not necessarily reflect the opinions of

Delphis