Vulnerability in Picserver




    Overview

Picserver is a specialized webserver available from http://www.informs.com
and http://www.zdnet.com.  A vulnerability exists that allows a remote
user to break out of the web root using relative paths (i.e., '..' and '...').



    Details

        http://localhost:7000/../[file outside web root]
        http://localhost:7000/.../[file outside web root]
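
A server-side check that refuses both request forms above, as an added example (not Picserver's code and not the advisory author's). The function names, the temporary web root and the sample URLs are constructed for illustration; it goes beyond the two URLs shown by also covering percent-encoded dots and backslash separators.

```python
import os
import re
import tempfile
from urllib.parse import unquote, urlsplit

def resolve_request(web_root, url):
    """Return the file path under web_root for url, or None to refuse it."""
    path = unquote(urlsplit(url).path)      # decode %2e%2e before any check
    if "\x00" in path or ":" in path:       # NUL bytes, drive letters, streams
        return None
    segments = [s for s in re.split(r"[/\\]", path) if s]  # '/' and '\' alike
    for seg in segments:
        # Refuse '.', '..', '...' and longer dot runs (spaces included)
        if seg.strip(" .") == "":
            return None
    root = os.path.realpath(web_root)
    candidate = os.path.realpath(os.path.join(root, *segments))
    # Defence in depth: the canonical result must still sit under the root
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate

def demo():
    """Run constructed requests against a temporary web root."""
    root = tempfile.mkdtemp()               # constructed stand-in web root
    requests = [                            # constructed sample URLs
        "http://localhost:7000/index.html",
        "http://localhost:7000/../secret.txt",
        "http://localhost:7000/.../secret.txt",
        "http://localhost:7000/%2e%2e/secret.txt",
        "http://localhost:7000/img\\..\\..\\secret.txt",
        "http://localhost:7000/pics/photo.v2.jpg",
    ]
    return {u: resolve_request(root, u) is not None for u in requests}

if __name__ == "__main__":
    for url, allowed in demo().items():
        print("ALLOW" if allowed else "DENY ", url)
```

The dot-run test is applied per path segment, so ordinary names containing dots (photo.v2.jpg) are still served.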



    Solution

No quick fix is possible.



    Vendor Status

Information Management Specialists, Inc. was contacted via
<[EMAIL PROTECTED]> and <[EMAIL PROTECTED]> on Monday, January 29,
2001.  No reply was received.



        - Joe Testa  ( e-mail: [EMAIL PROTECTED] / AIM: LordSpankatron )
