TinyServer Multiple Vulnerabilities

Vulnerability ID: 1107649  Vulnerability type: Path traversal
Published: 2004-01-24  Updated: 2005-10-20
CVE ID: CVE-2004-2116
CNNVD-ID: CNNVD-200412-707
Platform: Windows  CVSS score: 5.0
|Vulnerability source
https://www.exploit-db.com/exploits/23594
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200412-707
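|Vulnerability details
TinyServer 1.1 contains a directory traversal vulnerability. A remote attacker can read or download arbitrary files by using .. (dot dot) sequences in the URL.
|Exploit (EXP)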
source: http://www.securityfocus.com/bid/9485/info

TinyServer is prone to multiple vulnerabilities.

A directory traversal issue is present in TinyServer that could allow a remote user to view or download any file to which the server has access.

A denial of service issue exists due to the failure of the server to check input strings received. Attackers can crash the server by simply sending malformed HTTP GET requests. Sending an HTTP GET request with excessively long data can also cause the server to fail. It is not known if this issue may also result in code execution.

A cross-site scripting issue is also present in the server. This could allow for theft of cookie-based authentication credentials or other attacks. 

http://[host]/../../windows/system.ini
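
The check whose absence produces the traversal issue described above, as an added example (not TinyServer's code and not part of the original advisory): a request-path resolver that percent-decodes once, treats backslash as a separator as Windows does, and refuses any target that would leave the document root. `WEB_ROOT` and `resolve_request_path` are hypothetical names, and the request targets in the tests are constructed.

```python
import posixpath
from urllib.parse import unquote

WEB_ROOT = "/srv/www"  # assumed document root (hypothetical)


def resolve_request_path(raw_target, root=WEB_ROOT):
    """Map an HTTP request target to a path under root.

    Returns the resolved path, or None when the target must be refused.
    """
    # Drop query string and fragment; only the path selects a file.
    path = raw_target.split("?", 1)[0].split("#", 1)[0]

    # Decode exactly once, before any check, so %2e%2e and %5c are
    # inspected in the form the filesystem layer would see.
    path = unquote(path)
    if "\x00" in path:
        return None

    # Windows accepts both separators, so normalise to one.
    path = path.replace("\\", "/")

    segments = [s for s in path.split("/") if s not in ("", ".")]
    for seg in segments:
        # Refuse parent references outright instead of normalising
        # around them, and refuse ':' (drive letters, NTFS streams).
        if seg == ".." or ":" in seg:
            return None

    candidate = posixpath.normpath(posixpath.join(root, *segments))

    # Defence in depth: the result must still sit inside the root.
    prefix = root.rstrip("/") + "/"
    if candidate != root and not candidate.startswith(prefix):
        return None
    return candidate


if __name__ == "__main__":
    for target in ("/index.html", "/../../windows/system.ini"):
        print(target, "->", resolve_request_path(target))
```

A server that serves only paths for which this returns a value, and answers everything else with an error status, does not expose files outside its document root through `..` sequences.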
|References

Source: XF
Name: tinyserver-dotdot-directory-traversal(14927)
Link: http://xforce.iss.net/xforce/xfdb/14927
Source: BID
Name: 9485
Link: http://www.securityfocus.com/bid/9485
Source: www.autistici.org
Link: http://www.autistici.org/fdonato/advisory/tinyServer1.1%5B1.0.5%5D-adv.txt
Source: BUGTRAQ
Name: 20040124 TinyServer 1.1 (1.0.5) Multiple Vulnerabilities
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=107496530806730&w=2
Source: OSVDB
Name: 3708
Link: http://www.osvdb.org/3708
Source: SECUNIA
Name: 10707
Link: http://secunia.com/advisories/10707
