T. Hauck Jana Server 1.45/1.46 - Hex Encoded Directory Traversal
| EKU-ID: 26364 | CVE: CVE-2001-0557;OSVDB-5779 | OSVDB-ID: |
| Author: neme-dhc | Published: 2001-05-07 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 26364 | CVE: CVE-2001-0557;OSVDB-5779 | OSVDB-ID: |
| Author: neme-dhc | Published: 2001-05-07 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/2703/info It is possible for a remote user to traverse the directories of a host running Jana Server. Submitting a specially crafted URL using hex encoded 'double dot' sequences will reveal arbitrary directories. In addition to revealing directories, this vulnerability could enable a user to obtain the contents of files readable by the webserver user. www.example.com/%2e%2e/%2e%2e/ www.example.com/%2e%2e/%2e%2e/filename