| VID |
210089 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The RaidenHTTPD HTTP server is vulnerable to a local file include vulnerability in the 'workspace.php' script. RaidenHTTPD is a full featured web server for Microsoft Windows operating systems. RaidenHTTPD version 2.0.19 could allow a remote attacker to traverse directories on the system, caused by improper validation of user-supplied input passed to the 'ulang' parameter of the '/raidenhttpd-admin/workspace.php' script. Provided the server's WebAdmin feature has been enabled, by sending a specially-crafted URL request to the /raidenhttpd-admin/workspace.php script containing back slash and "dot dot" sequences (\..\) and a filename followed by a null character (%00) in the ulang parameter, a remote attacker could read arbitrary files or to execute arbitrary PHP code on the on the affected system.
* References:
http://retrogod.altervista.org/rgod_raidenhttpdudo.html
http://www.securityfocus.com/archive/1/485221/30/0/threaded
http://www.frsirt.com/english/advisories/2007/4244
http://secunia.com/advisories/28143
* Platforms Affected:
RaidenHTTPD Team, RaidenHTTPD version 2.0.19
Microsoft Windows Any version |
| Recommendation |
No upgrade or patch available as of January 2008.
Upgrade to a fixed version of RaidenHTTPD, when new fixed version becomes available from the RaidenHTTPD Web site at http://www.raidenhttpd.com/en/index.html
As a workaround, disable WebAdmin feature. |
| Related URL |
CVE-2007-6453 (CVE) |
| Related URL |
26903 (SecurityFocus) |
| Related URL |
39088 (ISS) |
|
