| VID |
21257 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The dangerous sample scripts of the AspUpload resides on the Web server.
AspUpload is an Active Server component that allows users to upload files to ASP programs using a Web browser. AspUpload version 2.1 and 3.0 create by default sample scripts during installation. The sample scripts such as 'UploadScript11.asp' or 'DirectoryListing.asp' fails to properly filter "dot dot" characters, which allows a remote attacker to traverse directories on the Web server. The remote attacker can exploit this vulnerability to download and upload arbitrary files anywhere on the current drive.
* References:
http://archives.neohapsis.com/archives/bugtraq/2001-11/0292.html
http://www.securityfocus.com/archive/1/243473
http://www.securiteam.com/windowsntfocus/5DP070U60M.html
* Platforms Affected:
ASPUpload version 2.1
ASPUpload version 3.0
Microsoft Windows Any version |
| Recommendation |
If it's not required, remove the sample scripts located in C:\Program Files\Persits Software\AspUpload\Samples.
-- OR --
Upgrade the latest version of AspUpload (3.0 or later) and apply all patches recommended by vendor, available at http://www.aspupload.com |
| Related URL |
CVE-2001-0938 (CVE) |
| Related URL |
3608 (SecurityFocus) |
| Related URL |
7628,7629 (ISS) |
|
