Lighttpd Remote Script Source Code Disclosure Vulnerability

Vulnerability ID: 1195872    Vulnerability type: Design error
Published: 2006-03-01    Updated: 2006-03-05
CVE number: CVE-2006-0814    CNNVD ID: CNNVD-200603-045
Platform: N/A    CVSS score: 5.0
|Sources
https://www.securityfocus.com/bid/16893
https://cxsecurity.com/issue/WLB-2006030023
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200603-045
|Details
lighttpd is an open-source web server developed by the German software developer Jan Kneschke; its main selling point is that it matches the performance of comparable web servers while needing only a small amount of memory and CPU. The Lighttpd web server does not correctly validate the filename extension the user supplies in the URL, which allows an attacker to retrieve the source code of script files (such as PHP) through requests containing "." and space characters.
|Vulnerability EXP
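The root cause described above is a mismatch between the string the server inspects and the file the operating system actually opens: on Windows, trailing dots and spaces in the last path component are discarded when a file is opened, so a name that fails a literal ".php" extension test can still resolve to the PHP file on disk and be streamed as a static document. The following is an added illustration, not lighttpd's code or the vendor's fix; the handler mapping, the Windows name canonicalisation model and the request list are assumptions constructed for the example. It places a naive extension check beside a hardened one that canonicalises the final path component the way the filesystem will and refuses any request whose name would silently change.

```python
"""Naive vs. hardened script-extension routing on a Windows-style filesystem.

Added example (not lighttpd code).  SCRIPT_EXTENSIONS, windows_open_name()
and CONSTRUCTED_REQUESTS are assumptions made for the illustration.
"""
from urllib.parse import unquote

# Assumed handler mapping: these extensions must be executed, never streamed.
SCRIPT_EXTENSIONS = (".php", ".cgi")


def windows_open_name(name: str) -> str:
    """Model of how the Win32 file API treats a final path component:
    trailing dots and spaces are discarded before the file is looked up."""
    return name.rstrip(". ")


def last_component(request_path: str) -> str:
    """Percent-decode the request path and return its final component."""
    return unquote(request_path).rsplit("/", 1)[-1]


def route_naive(request_path: str) -> str:
    """Vulnerable decision: test the extension on the name as requested.

    'index.php.' does not end in '.php', so it falls through to the static
    handler, which opens the file via the OS; the OS opens index.php and the
    script source is sent to the client."""
    name = last_component(request_path)
    return "script" if name.lower().endswith(SCRIPT_EXTENSIONS) else "static"


def route_hardened(request_path: str) -> str:
    """Hardened decision: canonicalise first and refuse ambiguous names.

    If the name the OS would open differs from the name in the URL, the
    request is rejected (a 404 in practice) so that extension-based routing
    and the filesystem can never disagree about which file is meant."""
    name = last_component(request_path)
    if windows_open_name(name) != name:
        return "reject"
    return "script" if name.lower().endswith(SCRIPT_EXTENSIONS) else "static"


# Constructed sample requests: a clean script, the dot/space variants the
# advisory refers to (raw and percent-encoded), and an ordinary static file.
CONSTRUCTED_REQUESTS = [
    "/index.php",
    "/index.php.",
    "/index.php ",
    "/index.php%20",
    "/index.php%2e",
    "/style.css",
]


def compare():
    """Return {request_path: (naive_handler, hardened_handler)}."""
    return {p: (route_naive(p), route_hardened(p)) for p in CONSTRUCTED_REQUESTS}


def discloses_source(request_path: str) -> bool:
    """True when the naive router would stream a file that is really a script."""
    opened = windows_open_name(last_component(request_path)).lower()
    return route_naive(request_path) == "static" and opened.endswith(SCRIPT_EXTENSIONS)


if __name__ == "__main__":
    for path, (naive, hardened) in compare().items():
        flag = "  <-- source disclosure" if discloses_source(path) else ""
        print(f"{path!r:18} naive={naive:7} hardened={hardened:7}{flag}")
```

Rejecting rather than normalising is deliberate: normalising "index.php." to "index.php" and executing it would also close the hole, but refusing the request keeps the URL-to-file mapping one-to-one, which is the property a reviewer should look for when auditing any server that decides the handler from the request string and then hands a possibly different string to the OS.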
======================================================================

Secunia Research 01/03/2006

- Lighttpd Script Source Disclosure Vulnerability -

====================================================================== 
Table of Contents

Affected Software....................................................1
Severity.............................................................2
Description of Vulnerability.........................................3
Solution.............................................................4
Time Table...........................................................5
Credits..............................................................6
References...........................................................7
About Secunia........................................................8
Verification.........................................................9

====================================================================== 
1) Affected Software

* Lighttpd version 1.4.10 for Windows.

Other versions may also be affected.

====================================================================== 
2) Severity

Rating: Moderately Critical
Impact: Exposure of sensitive information
Where:  Remote

====================================================================== 
3) Description of Vulnerability

Secunia Research has discovered a vulnerability in Lighttpd, which
can be exploited by malicious people to disclose potentially sensitive
information.

The vulnerability is caused due to a validation error of the filename
extension supplied by the user in the URL. This can be exploited to
retrieve the source code of script files (e.g. PHP) from the server
via specially-crafted requests containing dot and space characters.

====================================================================== 
4) Solution

Update to version 1.4.10a for Windows.

====================================================================== 
5) Time Table

15/02/2006 - Initial vendor notification.
16/02/2006 - Initial vendor reply.
01/03/2006 - Public disclosure.

====================================================================== 
6) Credits

Discovered by Tan Chew Keong, Secunia Research.

====================================================================== 
7) References

The Common Vulnerabilities and Exposures (CVE) project has assigned
CVE-2006-0814 for the vulnerability.

====================================================================== 
8) About Secunia

Secunia collects, validates, assesses, and writes advisories regarding 
all the latest software vulnerabilities disclosed to the public. These 
advisories are gathered in a publicly available database at the 
Secunia website:

http://secunia.com/

Secunia offers services to our customers enabling them to receive all 
relevant vulnerability information to their specific system 
configuration.

Secunia offers a FREE mailing list called Secunia Security Advisories:

http://secunia.com/secunia_security_advisories/

====================================================================== 
9) Verification

Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2006-9/advisory/

Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/

======================================================================
|Affected products
lighttpd lighttpd 1.4.10
|References

Source: BUGTRAQ
Name: 20060301 Secunia Research: Lighttpd Script Source Disclosure Vulnerability
Link: http://www.securityfocus.com/archive/1/archive/1/426446/100/0/threaded
Source: VUPEN
Name: ADV-2006-0782
Link: http://www.frsirt.com/english/advisories/2006/0782
Source: MISC
Link: http://secunia.com/secunia_research/2006-9/advisory/
Source: SECUNIA
Name: 18886
Link: http://secunia.com/advisories/18886
Source: XF
Name: lighttpd-source-code-disclosure(24976)
Link: http://xforce.iss.net/xforce/xfdb/24976
Source: OSVDB
Name: 23542
Link: http://www.osvdb.org/23542
Source: trac.lighttpd.net
Link: http://trac.lighttpd.net/trac/changeset/1005
Source: BID
Name: 16893
Link: http://www.securityfocus.com/bid/16893
Source: SECTRACK
Name: 1015703
Link: http://securitytracker.com/id?1015703
Source: SREASON
Name: 523
Link: http://securityreason.com/securityalert/523