[NT] Jetty CGIServlet Arbitrary Command Execution

From: support@securiteam.com
Date: 10/02/02


From: support@securiteam.com
To: list@securiteam.com
Date: Wed,  2 Oct 2002 23:21:34 +0200 (CEST)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com

  Jetty CGIServlet Arbitrary Command Execution
------------------------------------------------------------------------

SUMMARY

Jetty (http://www.mortbay.org/) is a 100% Java HTTP Server and Servlet
Container. A flaw in the CGIServlet allows an attacker to execute
arbitrary commands on the server.

DETAILS

Vulnerable systems:
 * Jetty web server versions prior to 4.1.0

Immune systems:
 * Jetty web server version 4.1.0

Example:
Commands can be executed on the server by making requests like:
http://jetty-server:8080/cgi-bin/..\..\..\..\..\..\winnt/notepad.exe
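The request above works because the servlet resolves the script path without first confirming that it still lies inside the CGI directory, and on Windows a backslash is a path separator too. The containment check below, together with a scan of constructed access-log lines for requests that fail it, is an added example and not Jetty's code; the CGI root, the log lines and the function names are assumptions.

```python
import posixpath
import re
from typing import List, Optional
from urllib.parse import unquote

# Assumed location of the cgi-bin directory (POSIX-style so the check is portable).
CGI_ROOT = "/jetty/webapps/root/cgi-bin"

# Constructed access-log lines: one benign request, the advisory's traversal,
# a percent-encoded form of the same traversal, and a harmless ".." that stays inside.
SAMPLE_LOG = r"""
10.0.0.5 - - [02/Oct/2002:23:21:34 +0200] "GET /cgi-bin/hello.cgi HTTP/1.0" 200 512
10.0.0.9 - - [02/Oct/2002:23:22:01 +0200] "GET /cgi-bin/..\..\..\..\..\..\winnt/notepad.exe HTTP/1.0" 200 0
10.0.0.9 - - [02/Oct/2002:23:22:05 +0200] "GET /cgi-bin/..%5C..%5Cwinnt/notepad.exe HTTP/1.0" 200 0
10.0.0.7 - - [02/Oct/2002:23:23:10 +0200] "GET /cgi-bin/sub/../hello.cgi HTTP/1.0" 200 512
"""

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/')


def resolve_cgi_target(cgi_root: str, request_path: str) -> Optional[str]:
    """Map a /cgi-bin/ request path to the script it would run.

    Percent-decodes first and treats '\\' as a separator, as Windows does,
    then normalises and refuses any result that escapes cgi_root.
    """
    path = unquote(request_path).replace("\\", "/")
    prefix = "/cgi-bin/"
    if not path.startswith(prefix):
        return None
    root = posixpath.normpath(cgi_root)
    target = posixpath.normpath(posixpath.join(root, path[len(prefix):]))
    if target != root and not target.startswith(root + "/"):
        return None  # resolved outside the CGI directory: traversal
    return target


def flag_traversal(log_text: str, cgi_root: str) -> List[str]:
    """Return the /cgi-bin request paths in the log that fail the containment check."""
    flagged = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m or not m.group("path").startswith("/cgi-bin"):
            continue
        if resolve_cgi_target(cgi_root, m.group("path")) is None:
            flagged.append(m.group("path"))
    return flagged


if __name__ == "__main__":
    for hit in flag_traversal(SAMPLE_LOG, CGI_ROOT):
        print("traversal attempt:", hit)
```

Decoding before normalising matters: a check applied to the raw request string would pass the `%5C` form while the operating system still treats the decoded backslash as a separator.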

Patch / Workaround Information:
The vendor responded quickly and has released a fixed version, 4.1.0, which
can be downloaded from http://jetty.mortbay.org

Excerpt from Vendor announcement at:
http://groups.yahoo.com/group/jetty-announce/message/45

'4.1.0 also contains a priority security fix for the CGI servlet running
on windows platforms. This remotely exploitable problem affects all
previous versions of Jetty that use the CGI servlet on windows without a
permissions file configured for the context. The CGI servlet from 4.1.0
may be used in 4.0 releases.'

ADDITIONAL INFORMATION

This advisory is available online at:
http://www.westpoint.ltd.uk/advisories/wp-02-0011.txt

The information has been provided by Matt Moore (matt@westpoint.ltd.uk).
