Vulnerabilities > CVE-2003-0832 - Unspecified vulnerability in Webfs

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
webfs
nessus

Summary

Directory traversal vulnerability in webfs before 1.20 allows remote attackers to read arbitrary files via .. (dot dot) sequences in a Hostname header.

Vulnerable Configurations

Part Description Count
Application
Webfs
4

Nessus

NASL familyDebian Local Security Checks
NASL idDEBIAN_DSA-392.NASL
descriptionJens Steube reported two vulnerabilities in webfs, a lightweight HTTP server for static content. CAN-2003-0832 - When virtual hosting is enabled, a remote client could specify
last seen2020-06-01
modified2020-06-02
plugin id15229
published2004-09-29
reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/15229
titleDebian DSA-392-1 : webfs - buffer overflows, file and directory exposure
code
#%NASL_MIN_LEVEL 80502

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-392. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

if (description)
{
  script_id(15229);
  script_version("1.24");
  script_cvs_date("Date: 2019/08/02 13:32:17");

  script_cve_id("CVE-2003-0832", "CVE-2003-0833");
  script_bugtraq_id(8724, 8726);
  script_xref(name:"DSA", value:"392");

  script_name(english:"Debian DSA-392-1 : webfs - buffer overflows, file and directory exposure");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Jens Steube reported two vulnerabilities in webfs, a lightweight HTTP
server for static content.

 CAN-2003-0832 - When virtual hosting is enabled, a remote client
 could specify '..' as the hostname in a request, allowing retrieval
 of directory listings or files above the document root.

 CAN-2003-0833 - A long pathname could overflow a buffer allocated on
 the stack, allowing execution of arbitrary code. In order to exploit
 this vulnerability, it would be necessary to be able to create
 directories on the server in a location which could be accessed by
 the web server. In conjunction with CAN-2003-0832, this could be a
 world-writable directory such as /var/tmp."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.debian.org/security/2003/dsa-392"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"For the current stable distribution (woody) these problems have been
fixed in version 1.17.2.

We recommend that you update your webfs package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:webfs");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2003/09/29");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29");
  script_set_attribute(attribute:"vuln_publication_date", value:"2003/09/30");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"3.0", prefix:"webfs", reference:"1.17.2")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");