Vendor: Zervit
By: e.wiZz!
CVSS: 7.5 (HIGH)
CWE: 22 (Directory Traversal)
Product Name: Zervit
Affected Version From: 0.2.1
Affected Version To: 0.2.1
Patch Exists: YES
Related CVE: CVE-2009-1445
CPE: a:zervit:zervit:0.2.1
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
Year: 2009

Zervit Webserver Directory Traversal

Zervit Webserver is vulnerable to a directory traversal attack. The vulnerability allows an attacker to view arbitrary files on the server, including sensitive files such as boot.ini. It is caused by improper sanitization of the user-supplied path in the HTTP GET request, and can be exploited by sending a specially crafted HTTP request.

Mitigation:

Upgrade to the latest version of Zervit Webserver.
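
The containment check that this class of bug lacks, as an added example (not Zervit's code and not part of the original advisory). The function name `request_path_is_contained` and the 255-byte segment limit are assumptions; the check decodes percent-escapes once, treats both `/` and `\` as separators because the tested platform is Windows, and rejects any path that climbs above the document root.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Value of one hex digit, or -1 if c is not a hex digit. */
static int hexval(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    c = tolower(c);
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Hypothetical helper: returns 1 if the raw request path stays inside the
 * document root after decoding, 0 if it must be rejected. */
int request_path_is_contained(const char *raw)
{
    char seg[256];              /* current path segment (limit is an assumption) */
    size_t n = 0;
    int depth = 0;              /* directory levels below the document root */

    if (raw == NULL || raw[0] != '/')
        return 0;
    for (const char *p = raw;; p++) {
        int end = (*p == '\0');
        int c = (unsigned char)*p;
        if (c == '%') {         /* decode exactly once, before any check */
            int hi = hexval((unsigned char)p[1]);
            int lo = hi < 0 ? -1 : hexval((unsigned char)p[2]);
            if (lo < 0) return 0;               /* malformed escape */
            c = hi * 16 + lo;
            if (c == 0) return 0;               /* encoded NUL byte */
            p += 2;
        }
        if (end || c == '/' || c == '\\') {     /* Windows accepts both separators */
            seg[n] = '\0';
            if (strcmp(seg, "..") == 0) {
                if (--depth < 0) return 0;      /* climbed above the root */
            } else if (n > 0 && strcmp(seg, ".") != 0) {
                depth++;
            }
            n = 0;
            if (end) return 1;
        } else {
            if (c == ':' || n + 1 >= sizeof seg) return 0;  /* drive/stream, oversized */
            seg[n++] = (char)c;
        }
    }
}
```

Treat this as a pre-filter: the server should still canonicalize the joined path (for example with GetFullPathName on Windows) and confirm it begins with the document root before opening the file.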

Exploit-DB raw data:

####################  Zervit Webserver Directory Traversal   ############################


############### By:      e.wiZz!

###############Site:   www.balcansecurity.com


############### Found with ServMeNot (world's sexiest fuzzer :P )



In the wild...

########################################################################################

#Site:  http://zervit.sourceforge.net/

#Info:  Zervit is the first compact, portable HTTP/Web Server made for human beings. 
It is being developed thinking in the people that will make use of it and tries to make itself intuitive. 
It aims to make file sharing or displaying a web easier than the current servers do. 

#Vulnerability:

http://[site]/../../../../../../boot.ini

# milw0rm.com [2009-04-16]