| VID |
27330 |
| Severity |
30 |
| Port |
4274 |
| Protocol |
TCP |
| Class |
P2P |
| Detailed Description |
The Xedus P2P web server is vulnerable to directory traversal. Xedus is a peer-to-peer web server for Microsoft Windows platforms that lets users share files, music, and other media. By default the Xedus web server listens for incoming connections on port 4274, although the administrator can change this value. Xedus version 1.0 could allow a remote attacker to access arbitrary files located outside the configured web root. A remote attacker could send a specially crafted URL containing "dot dot" sequences (../) to traverse directories and view arbitrary files on the system with the privileges of the web server.
* References: http://www.securityfocus.com/archive/1/373506 http://packetstormsecurity.nl/0409-exploits/00047-08302004.txt
* Platforms Affected: Jerod Moemeka: Xedus 1.0; Microsoft Windows: Any version |
| Recommendation |
No upgrade or patch was available as of November 2004.
Upgrade to a new version of Xedus when one that fixes this problem becomes available from the Xedus home page at http://www.thinxoft.com/ |
| Related URL |
(CVE) |
| Related URL |
11071 (SecurityFocus) |
| Related URL |
17167 (ISS) |
|