[VulnWatch] wp-02-0011: Jetty CGIServlet Arbitrary Command Execution
From: Matt Moore (matt@westpoint.ltd.uk)Date: 10/02/02
- Previous message: Matt Moore: "[VulnWatch] wp--02-0005: Multiple Vulnerabilities in SuperScout Web Reports Server"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 02 Oct 2002 16:58:41 +0100 From: Matt Moore <matt@westpoint.ltd.uk> To: bugtraq@securityfocus.com, vulnwatch@vulnwatch.org
Westpoint Security Advisory
Title: Jetty CGIServlet Arbitrary Command Execution
Risk Rating: Medium
Software: Jetty Servlet Container
Platforms: Win32 (other platforms not tested)
Vendor URL: www.mortbay.org
Author: Matt Moore <matt@westpoint.ltd.uk>
Date: 1st October 2002
Advisory ID#: wp-02-0011.txt
Overview:
=========
Jetty is a 100% Java HTTP Server and Servlet Container. A flaw
in the CGIServlet allows an attacker to execute arbitrary commands
on the server.
Details:
========
Commands can be executed on the server by making requests like:
http://jetty-server:8080/cgi-bin/..\..\..\..\..\..\winnt/notepad.exe
Patch / Workaround Information:
===============================
The vendor responded quickly and has released a fixed version, 4.1.0
which can be downloaded from http://jetty.mortbay.org
Excerpt from Vendor announcement at:
http://groups.yahoo.com/group/jetty-announce/message/45
'4.1.0 also contains a priority security fix for the CGI servlet
running on windows platforms. This remotely exploitable problem
effects all previous versions of Jetty that use the CGI servlet
on windows without a permissions file configured for the context.
The CGI servlet from 4.1.0 may be used in 4.0 releases.'
This advisory is available online at:
http://www.westpoint.ltd.uk/advisories/wp-02-0011.txt
- Previous message: Matt Moore: "[VulnWatch] wp--02-0005: Multiple Vulnerabilities in SuperScout Web Reports Server"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
