| Field | Value |
| --- | --- |
| VID | 22433 |
| Severity | 30 |
| Port | 6670 |
| Protocol | TCP |
| Class | WWW |
| Detailed Description | Plain Old Webserver (POW), a Firefox extension that acts as a web server, is vulnerable to directory traversal. POW add-on versions prior to 0.0.9 for Mozilla Firefox could allow a remote attacker to traverse directories on the system. By sending a specially-crafted HTTP request containing "dot dot" sequences (/../), a remote attacker could traverse directories and read arbitrary files on the affected system. |
| References | http://archives.neohapsis.com/archives/fulldisclosure/2007-02/0197.html, http://www.frsirt.com/english/advisories/2007/0558, http://secunia.com/advisories/24127/ |
| Platforms Affected | Mozilla Plain Old Webserver (POW): version 0.0.8 and earlier versions; Apple Mac OS X: any version; Linux: any version; Microsoft Windows: any version |
| Recommendation | Upgrade to the latest version of Plain Old Webserver (0.0.9 or later), available from the Mozilla Web site at https://addons.mozilla.org/firefox/3002/history/ |
| Related URL | CVE-2007-0872 (CVE) |
| Related URL | 22502 (SecurityFocus) |
| Related URL | 32467 (ISS) |