header-logo
Suggest Exploit
vendor:
webMathematica
by:
SecurityFocus
7.5
CVSS
HIGH
File Disclosure Vulnerability
22
CWE
Product Name: webMathematica
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

Wolfram Research’s webMathematica File Disclosure Vulnerability

A file disclosure vulnerability has been reported with the MSP CGI program. A file name parameter supplied by the user is not properly validated. The inclusion of '../' character sequences allows the attacker to escape the web root, and view arbitrary system files.

Mitigation:

Validate user input to prevent the inclusion of '../' character sequences.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/5035/info

Wolfram Research's webMathematica is a Java based product which allows the inclusion of Mathematica content in a web environment. It includes CGI programs which generate image content based on user supplied input.

A file disclosure vulnerability has been reported with the MSP CGI program. A file name parameter supplied by the user is not properly validated. The inclusion of "../" character sequences allows the attacker to escape the web root, and view arbitrary system files.

http://www.domain.com/webMathematica/MSP?MSPStoreID=../../../../../etc/passwd&MSPStoreType=image/gif

Navigation

Suggest Exploit

Services By CQR