在Cygwin上Apache的过滤漏洞

(2004-03-03 10:01 )( )(瑞星 )
导读-- Apache httpd在cygwin环境上对部分请求缺少充分过滤……

  受影响系统:

Apache Software Foundation Apache 2.0a9
Apache Software Foundation Apache 2.0.48
Apache Software Foundation Apache 2.0.47
Apache Software Foundation Apache 2.0.46
Apache Software Foundation Apache 2.0.45
Apache Software Foundation Apache 2.0.44
Apache Software Foundation Apache 2.0.43
Apache Software Foundation Apache 2.0.42
Apache Software Foundation Apache 2.0.41
Apache Software Foundation Apache 2.0.40
Apache Software Foundation Apache 2.0.39
Apache Software Foundation Apache 2.0.38
Apache Software Foundation Apache 2.0.37
Apache Software Foundation Apache 2.0.36
Apache Software Foundation Apache 2.0.35
Apache Software Foundation Apache 2.0.32
Apache Software Foundation Apache 2.0.28
Apache Software Foundation Apache 2.0
Apache Software Foundation Apache 1.3.29
Apache Software Foundation Apache 1.3.27
Apache Software Foundation Apache 1.3.26
Apache Software Foundation Apache 1.3.25
Apache Software Foundation Apache 1.3.24
Apache Software Foundation Apache 1.3.23
Apache Software Foundation Apache 1.3.22
Apache Software Foundation Apache 1.3.20
Apache Software Foundation Apache 1.3.19
Apache Software Foundation Apache 1.3.18
Apache Software Foundation Apache 1.3.17
Apache Software Foundation Apache 1.3.14
Apache Software Foundation Apache 1.3.12
Apache Software Foundation Apache 1.3.11
Apache Software Foundation Apache 1.3
Apache Software Foundation Apache 1.0
Apache Software Foundation Apache 0.8.14
Apache Software Foundation Apache 0.8.11
Apache Software Foundation Apache 1.3.28
  Conectiva Linux 8.0
  Conectiva Linux 7.0
  Conectiva Linux 6.0
  Debian Linux 3.0
  Mandrake Linux Corporate Server 1.0.1
  Mandrake Linux 8.1
  Mandrake Linux 8.0
  Mandrake Linux 7.2
  RedHat Linux 8.0
  RedHat Linux 7.3
  RedHat Linux 7.2
  Sun Solaris 9.0
  Sun Solaris 8.0

  详细描述:

  Apache cygwin是一款可在Windows平台上进行应用的环境。Apache httpd在cygwin环境上对部分请求缺少充分过滤,远程攻击者可以利用这个漏洞进行目录遍历攻击。

  提交包含多个对'../'进行URI编码的请求给cygwin环境上的Apache httpd,可绕过WEB ROOT限制,以WEB进程权限在系统上查看任意文件内容。

  补丁下载

  Apache Software Foundation Apache 1.3.29:

  Apache Software Foundation Patch Apache cygwin 1.3.29 patch
http://nagoya.apache.org/bugzilla/showattachment.cgi?attach_id=10222

责编:
订阅新闻邮件) (推荐) (打印) (关闭页面) (至顶) (我对此感兴趣
相关文章
天极社区邀请您:写博客日记  上传相片   论坛聊天  订阅电子杂志  彩信蚂蚁  推荐网摘  
笔名:
请您注意:

 遵守国家有关法律、法规,尊重网上道德,承担一切因您的行为而直接或间接引起的法律责任。

 天极网拥有管理笔名和留言的一切权利。