Bajie HTTP server allows attacker to view arbitrary files
| bajie-view-arbitrary-files (5021) |  Low Risk |
Description:
Bajie's HTTP server could allow a remote attacker to view any file under the root directory on the Web server by appending four dots to a URL request. A remote attacker could use this vulnerability to compromise the system.
Platforms Affected:
- Gang Zhang, Bajie HTTP Server 0.30a
Remedy:
No remedy available as of July 6, 2008.
Consequences:
Obtain Information
References:
- Bajie Web site, Welcome to Bajie's homepage at http://go.to/bajie.
- BugTraq Mailing List, Mon Jul 31 2000 - 11:57:26 CDT, Two security flaws in Bajie Webserver at http://archives.neohapsis.com/archives/bugtraq/2000-07/0426.html.
- BID-1522: Bajie Webserver File Reading Vulnerability
- CVE-2000-0773: Bajie HTTP web server 0.30a allows remote attackers to read arbitrary files via a URL that contains a ...., a variant of the dot dot directory traversal attack.
Reported:
Jul 30, 2000
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.
For corrections or additions please email xforce@iss.net