Sedum HTTP server vulnerability

by Phiber on February 5th, 2001

SEDUM HTTP Server v2.0 is a web server available from here and here. A vulnerability exists which allows a remote user to break out of the web root using relative paths (i.e. '..', '...') ....


Details



http://localhost/../[file outside web root]

http://localhost/.../[file outside web root]







Solution



No quick fix is possible.






Vendor Status



The author, Guido Frassetto, was contacted via
and on Sunday, January 28, 2001 regarding version 1.1 of SEDUM. He replied promptly and stated that version 2.0 is immune to this problem. I downloaded the new version, ran more tests, and found that absolutely nothing is different. Since then, I have not heard back from Guido Frassetto.

- Contributed by Joe Testa via mailing list
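
A server-side check that refuses both request forms listed under Details, as an added example; it is not part of the original advisory and is not SEDUM's code. The web root `/srv/www`, the function name `resolve_request_path` and the sample file names are assumptions made for illustration.

```python
import posixpath
from pathlib import PurePosixPath
from urllib.parse import unquote, urlsplit

WEB_ROOT = PurePosixPath("/srv/www")  # assumed web root, not from the advisory


def resolve_request_path(url, web_root=WEB_ROOT):
    """Return the file path under web_root for url, or None to refuse it."""
    # Decode percent-escapes first so %2e%2e is checked as '..'.
    path = unquote(urlsplit(url).path)
    # Treat backslash as a separator, as a Windows file API would.
    path = path.replace("\\", "/")
    if "\x00" in path:
        return None
    segments = [s for s in path.split("/") if s]
    for seg in segments:
        # Refuse segments made only of dots: '.', '..', '...' and longer.
        if seg.strip(".") == "":
            return None
    candidate = web_root.joinpath(*segments)
    # Second layer: normalise and confirm the result is still under web_root.
    normalised = PurePosixPath(posixpath.normpath(str(candidate)))
    try:
        normalised.relative_to(web_root)
    except ValueError:
        return None
    return normalised


if __name__ == "__main__":
    # Constructed requests; the first two follow the forms under Details.
    for url in (
        "http://localhost/../secret.txt",
        "http://localhost/.../secret.txt",
        "http://localhost/%2e%2e/secret.txt",
        "http://localhost/docs/v1.2/readme.txt",
    ):
        print(url, "->", resolve_request_path(url))
```

The dot-only segment test runs after decoding and separator normalisation, so encoded and backslash variants of the same request are refused by the same rule.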

