Vulnerability in Free Java Web Server
Overview
Free Java Web Server v1.0 is a Java web server available from
http://www.download.com. A vulnerability exists which allows a remote
user to break out of the web root using relative paths (i.e., '..' and '...').
Details
http://localhost/../[file outside web root]
http://localhost/.../[file outside web root]
Solution
No quick fix is possible.
Vendor Status
The author, Dattaraj J. Rao, was contacted via
<[EMAIL PROTECTED]> on Sunday, January 28, 2001. No reply was
received.
- Joe Testa ( [EMAIL PROTECTED] )