Vulnerabilities > CVE-2004-2617 - Input Validation vulnerability in Pegasi web Server Pegasi web Server 0.2.2
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
Directory traversal vulnerability in Pegasi Web Server (PWS) 0.2.2 allows remote attackers to read files outside of the web root via a .. (dot dot) directly after the initial '/' (slash) in the URI.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | Pegasi Web Server 0.2.2 Arbitrary File Access. CVE-2004-2617. Remote exploit for linux platform |
| id | EDB-ID:23802 |
| last seen | 2016-02-02 |
| modified | 2004-03-11 |
| published | 2004-03-11 |
| reporter | Donato Ferrante |
| source | https://www.exploit-db.com/download/23802/ |
| title | Pegasi Web Server 0.2.2 - Arbitrary File Access |
References
- http://archives.neohapsis.com/archives/bugtraq/2004-03/0109.html
- http://archives.neohapsis.com/archives/bugtraq/2004-03/0136.html
- http://secunia.com/advisories/11122
- http://sourceforge.net/forum/forum.php?forum_id=359660
- http://www.autistici.org/fdonato/advisory/pws0.2.2-adv.txt
- http://www.osvdb.org/4254
- http://www.securityfocus.com/bid/9847
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15435