
File Disclosure Vulnerability in Simple Web Server


I. BACKGROUND

As its name suggests, Peter Sandvik's Simple Web Server is a Linux-based web server. More information about it is available at http://www.linuxstuffs.cjb.net.

II. DESCRIPTION

Restricted files can be accessed remotely because Simple Web Server fails to properly handle malformed URL requests for those files. For example, if the standard URL for a restricted file is http://server.com/secret/file, the altered URL http://server.com///secret/file (the same path with two extra leading slashes) bypasses whatever access control applies to that file, granting unauthorized access to it.
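The advisory does not show Simple Web Server's source, so the following is an added illustration rather than the project's own code: a reconstruction of the pattern that produces exactly the behaviour described (an access check applied to the raw request path before any canonicalisation), the corrected check beside it, and an offline probe that an operator can point at a server to confirm or rule out the bypass. The document root, the restricted prefix "/secret/", the function names and the two stand-in servers are all assumptions made for the example; the probe also tries "//" and "/./" prefixes, which canonicalise to the same path as the triple-slash form in the advisory.

```python
"""Added illustration of the path-canonicalisation failure described in the
advisory.  This is NOT Simple Web Server's code; it is a reconstruction of the
vulnerable pattern next to a fixed version, plus an offline probe."""
import posixpath
from urllib.parse import unquote

# Assumed values for the illustration; the advisory names neither.
DOCROOT = "/var/www/html"
RESTRICTED_PREFIXES = ("/secret/",)


def canonical_path(raw_path: str) -> str:
    """Decode and normalise the path component of a request-URI.

    Extra leading slashes, '.' segments and '..' segments are removed so that
    '///secret/file', '/./secret/file' and '/secret/file' compare equal.
    Leading slashes are stripped before normpath() because POSIX treats a
    path beginning with exactly two slashes specially and normpath keeps it.
    """
    path = unquote(raw_path.split("?", 1)[0])
    return posixpath.normpath("/" + path.lstrip("/"))


def is_restricted_vulnerable(raw_path: str) -> bool:
    """Reconstructed vulnerable check: a prefix test on the raw request path.

    '///secret/file' does not start with '/secret/', so the check reports the
    file as unrestricted even though the file system resolves the path to the
    same file.  This mirrors the behaviour the advisory reports.
    """
    return raw_path.startswith(RESTRICTED_PREFIXES)


def is_restricted_fixed(raw_path: str) -> bool:
    """Fixed check: canonicalise first, then compare."""
    return canonical_path(raw_path).startswith(RESTRICTED_PREFIXES)


def resolve_under_docroot(raw_path: str, docroot: str = DOCROOT) -> str:
    """Map a request path to a file system path that cannot escape docroot.

    canonical_path() already drops leading '..' segments; the containment
    test is kept as a second line of defence.
    """
    rel = canonical_path(raw_path).lstrip("/")
    full = posixpath.normpath(posixpath.join(docroot, rel))
    if full != docroot and not full.startswith(docroot + "/"):
        raise PermissionError(f"{raw_path!r} escapes the document root")
    return full


def probe_bypass(fetch, restricted_path: str) -> list:
    """Detection check for the bypass.

    fetch(path) must return the HTTP status code the server answers with.
    Returns the altered paths that were served (200) although the canonical
    path was refused; an empty list means no bypass was observed.
    """
    base = "/" + restricted_path.lstrip("/")
    variants = ["/" + base, "//" + base, "/." + base]
    if fetch(base) == 200:
        return []  # not actually restricted: nothing to bypass
    return [v for v in variants if fetch(v) == 200]


# Constructed stand-in servers so the probe runs offline.  Each answers 403
# for a restricted path and 200 otherwise; only the access check differs.
def fake_vulnerable_server(path: str) -> int:
    return 403 if is_restricted_vulnerable(path) else 200


def fake_fixed_server(path: str) -> int:
    return 403 if is_restricted_fixed(path) else 200


if __name__ == "__main__":
    for name, server in (("vulnerable", fake_vulnerable_server),
                         ("fixed", fake_fixed_server)):
        print(name, "bypass variants served:",
              probe_bypass(server, "/secret/file"))
```

To test a live server, replace the stand-in with a function that issues a GET for the given path and returns the status code; the probe only needs the status, not the body. The general lesson is the one the advisory illustrates: any access decision made on a request path must be made on the canonical form of that path, the same form the file system will eventually resolve.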

III. ANALYSIS

The damage resulting from access to restricted files on the web server depends on which file is accessed and what information it contains. According to Netcraft.com, Simple Web Server is not widely deployed, so widespread exploitation is unlikely.

IV. DETECTION

Simple Web Server 0.5.1 running on Red Hat Linux 7.3 is vulnerable. The vulnerability does not appear to be platform-specific: the same request works against the server on Debian Linux 3.0 as well.

V. WORKAROUND

Migrate to another supported web server, since the software is no longer actively maintained.

VI. VENDOR RESPONSE

Peter Sandvik said he will suspend work on the project for now, since he "doesn't have time to work on it."

VII. CVE INFORMATION

The Mitre Corp.'s Common Vulnerabilities and Exposures (CVE) Project assigned the identification number CAN-2002-1238 to this issue.

VIII. DISCLOSURE TIMELINE

08/29/2002 Issue disclosed to iDEFENSE
09/25/2002 Maintainer Peter Sandvik notified
09/25/2002 iDEFENSE clients notified
09/25/2002 Response received from Peter Sandvik (peter.sandvik@home.se)
09/26/2002 Started e-mail discussions regarding status of software support
10/31/2002 Last e-mail received regarding status of software support
11/08/2002 Public disclosure

IX. CREDIT

Tamer Sahin (ts@securityoffice.net) discovered this vulnerability.

