Pegasi Web Server多个输入验证漏洞

漏洞信息详情

Pegasi Web Server多个输入验证漏洞

• CNNVD编号：CNNVD-200412-1003
• 危害等级： 中危
  
  
• CVE编号：
  CVE-2004-2617
  
• 漏洞类型：
  
  
  路径遍历
  
• 发布时间：
  
  2004-12-31
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2005-12-15
  
• 厂        商：
  
  pegasi_web_server
• 漏洞来源：
  Discovery is credi…

Pegasi Web Server (PWS) 0.2.2版本存在目录遍历漏洞。远程攻击者借助URI中初始的\’\’/\’\’ (斜线)之后的..(点 点）目录读取Web根目录以外的文件。

The vendor has released an update to address the issues described in this BID. Users who are potentially affected are advised to apply this upgrade as soon as possible.
Pegasi Web Server Pegasi Web Server 0.2.2

• Jan De Luyck pws-0.2.3.tar.gz
  
  http://prdownloads.sourceforge.net/pws/pws-0.2.3.tar.gz?download

来源: XF
名称: pws-dotdot-directory-traversal(15435)
链接:http://xforce.iss.net/xforce/xfdb/15435

来源: BID
名称: 9847
链接:http://www.securityfocus.com/bid/9847

来源: OSVDB
名称: 4254
链接:http://www.osvdb.org/4254

来源: sourceforge.net
链接:http://sourceforge.net/forum/forum.php?forum_id=359660

来源: SECUNIA
名称: 11122
链接:http://secunia.com/advisories/11122

来源: www.autistici.org
链接:http://www.autistici.org/fdonato/advisory/pws0.2.2-adv.txt

来源: BUGTRAQ
名称: 20040314 Re: Multiple Vulnerabilities in PWS 0.2.2
链接:http://archives.neohapsis.com/archives/bugtraq/2004-03/0136.html

来源: BUGTRAQ
名称: 20040311 Multiple Vulnerabilities in PWS 0.2.2
链接:http://archives.neohapsis.com/archives/bugtraq/2004-03/0109.html