| VID | 22345 |
| Severity | 30 |
| Port | 80, ... |
| Protocol | TCP |
| Class | WWW |
| Detailed Description | The Monkey HTTP server is affected by a directory traversal vulnerability. Monkey, developed by Eduardo Silva, is an open source Web server written in C that runs on Linux and implements the HTTP/1.1 protocol. Monkey version 0.1.4 could allow a remote attacker to view files residing outside of the Web root. By sending a specially crafted URL containing "dot dot" sequences (/../), a remote attacker could traverse directories and view any file on the Web server. References: http://www.securiteam.com/unixfocus/5FP10008AE.html ; http://archives.neohapsis.com/archives/bugtraq/2002-09/0298.html ; http://freshmeat.net/projects/monkey/?topic_id=250%2C92. Platforms Affected: Eduardo Silva, Monkey HTTP Daemon 0.4.1; Linux, any version. |
| Recommendation | Upgrade to the latest version of Monkey HTTP Daemon (0.5.0 or later), available from the Monkey HTTP Daemon Web site at http://monkeyd.sourceforge.net |
| Related URL | CVE-2002-2154 (CVE) |
| Related URL | 5792 (SecurityFocus) |
| Related URL | 10188 (ISS) |