Home » Hacking News » Xerver Directory Traversal Vulnerability

Xerver Directory Traversal Vulnerability

by Nikola Strahija on March 12th, 2002 Xerver is a freely available webserver, written in Java. It will run on any operating system with Java installed, including Microsoft Windows, Unix/Linux variants, MacOS, etc.

Dot-dot-slash (../) sequences are not filtered from web requests. It is possible for a remote attacker to craft a malicious web request which is capable of breaking out of wwwroot. This has the potential to disclose arbitrary web-readable files to remote attackers.

It should be noted that webservers on Microsoft Windows operating systems normally run with SYSTEM privileges, meaning the attacker may potentially disclose the contents of any file.

This issue was reported for v2.10 of Xerver. Earlier versions may also be affected.

Remote: Yes

Exploit: This issue may be exploited with a web browser.

From the forum

The forums are now OPEN AGAIN!

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Our online shop
Top sellers
New Items
Books
Software

Xatrix.org © Copyright 2001-2016, Xatrix Security . All Rights Reserved
Hacking into a victim of crime's phone is a sort of poetically elegant manifestation of a modus operandi the tabloids have. - Steve Coogan

Users login

JOIN XATRIX

Xerver Directory Traversal Vulnerability

Related articles

Advisories

Vulnerabilities

From the forum

Newsletter signup

Free E-books

Contact