[NEWS] Xitami CGI Processing Failure Vulnerability

From: support@securiteam.com
Date: 05/20/02 

From: support@securiteam.com
To: list@securiteam.com
Date: Mon, 20 May 2002 07:45:55 +0200 (CEST)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -

  Xitami CGI Processing Failure Vulnerability
------------------------------------------------------------------------

SUMMARY

 <http://www.imatix.com/html/xitami/> Xitami is a high-quality portable
free web server. An error in the way Xitami handles script processing
errors (including missing interpreters) could allow an attacker to steal
CGI script contents.

DETAILS

Vulnerable systems:
 * iMatix Co. Xitami Web Server version 2.4d9 and earlier.

Vendor Status:
iMatix support was notified 1 month ago, no response has been received.

Workaround:
If your CGI runs as expected, this vulnerability cannot be exploited (i.e.
if no error occurs the CGI's source code is not served).

ADDITIONAL INFORMATION

The information has been provided by <mailto:mattmurphy@kc.rr.com>
Matthew Murphy.

========================================

This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.