安全研究
安全漏洞
Apache Cygwin远程目录遍历漏洞
发布日期:2004-02-24
更新日期:2004-03-01
受影响系统:
Apache Software Foundation Apache 2.0a9描述:
Apache Software Foundation Apache 2.0.48
Apache Software Foundation Apache 2.0.47
Apache Software Foundation Apache 2.0.46
Apache Software Foundation Apache 2.0.45
Apache Software Foundation Apache 2.0.44
Apache Software Foundation Apache 2.0.43
Apache Software Foundation Apache 2.0.42
Apache Software Foundation Apache 2.0.41
Apache Software Foundation Apache 2.0.40
Apache Software Foundation Apache 2.0.39
Apache Software Foundation Apache 2.0.38
Apache Software Foundation Apache 2.0.37
Apache Software Foundation Apache 2.0.36
Apache Software Foundation Apache 2.0.35
Apache Software Foundation Apache 2.0.32
Apache Software Foundation Apache 2.0.28
Apache Software Foundation Apache 2.0
Apache Software Foundation Apache 1.3.29
Apache Software Foundation Apache 1.3.27
Apache Software Foundation Apache 1.3.26
Apache Software Foundation Apache 1.3.25
Apache Software Foundation Apache 1.3.24
Apache Software Foundation Apache 1.3.23
Apache Software Foundation Apache 1.3.22
Apache Software Foundation Apache 1.3.20
Apache Software Foundation Apache 1.3.19
Apache Software Foundation Apache 1.3.18
Apache Software Foundation Apache 1.3.17
Apache Software Foundation Apache 1.3.14
Apache Software Foundation Apache 1.3.12
Apache Software Foundation Apache 1.3.11
Apache Software Foundation Apache 1.3
Apache Software Foundation Apache 1.0
Apache Software Foundation Apache 0.8.14
Apache Software Foundation Apache 0.8.11
Apache Software Foundation Apache 1.3.28
- Conectiva Linux 8.0
- Conectiva Linux 7.0
- Conectiva Linux 6.0
- Debian Linux 3.0
- Mandrake Linux Corporate Server 1.0.1
- Mandrake Linux 8.1
- Mandrake Linux 8.0
- Mandrake Linux 7.2
- RedHat Linux 8.0
- RedHat Linux 7.3
- RedHat Linux 7.2
- Sun Solaris 9.0
- Sun Solaris 8.0
BUGTRAQ ID: 9733
CVE(CAN) ID: CVE-2004-0173
Apache cygwin是一款可在Windows平台上进行应用的环境。
Apache httpd在cygwin环境上对部分请求缺少充分过滤,远程攻击者可以利用这个漏洞进行目录遍历攻击。
提交包含多个对'../'进行URI编码的请求给cygwin环境上的Apache httpd,可绕过WEB ROOT限制,以WEB进程权限在系统上查看任意文件内容。
<*来源:Jeremy Bae (swbae@stgsecurity.com)
链接:http://www.securityfocus.com/archive/1/355013
*>
建议:
厂商补丁:
Apache Software Foundation
--------------------------
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
Apache Software Foundation Apache 1.3.29:
Apache Software Foundation Patch Apache cygwin 1.3.29 patch
http://nagoya.apache.org/bugzilla/showattachment.cgi?attach_id=10222
浏览次数:4729
严重程度:0(网友投票)
绿盟科技给您安全的保障