Sign-up

ID

VAR-200801-0319


CVE

CVE-2008-0338


TITLE

MiniWeb HTTP Server of http.c Vulnerable to directory traversal

Trust: 0.8

sources: JVNDB: JVNDB-2008-003960

DESCRIPTION

Directory traversal vulnerability in the mwGetLocalFileName function in http.c in MiniWeb HTTP Server 0.8.19 allows remote attackers to read arbitrary files and list arbitrary directories via a (1) .%2e (partially encoded dot dot) or (2) %2e%2e (encoded dot dot) in the URI. MiniWeb is prone to a directory-traversal vulnerability and a heap-based buffer-overflow vulnerability. An attacker can exploit this issue to gain access to files outside the webroot, execute arbitrary code within the context of the affected application, or crash the application. This issue affects MiniWeb 0.8.19; other versions may also be affected. ---------------------------------------------------------------------- A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched. Download and test it today: https://psi.secunia.com/ Read more about this new version: https://psi.secunia.com/?page=changelog ---------------------------------------------------------------------- TITLE: MiniWeb HTTP Server Buffer Overflow and Directory Traversal SECUNIA ADVISORY ID: SA28512 VERIFY ADVISORY: http://secunia.com/advisories/28512/ CRITICAL: Highly critical IMPACT: Exposure of system information, Exposure of sensitive information, DoS, System access WHERE: >From remote SOFTWARE: MiniWeb HTTP Server 0.x http://secunia.com/product/14459/ DESCRIPTION: Hamid Ebadi has discovered two vulnerabilities in MiniWeb HTTP Server, which can be exploited by malicious people to disclose sensitive information, to cause a DoS (Denial of Service), or to potentially compromise a vulnerable system. 1) A boundary error exists within the "_mwProcessReadSocket()" function in http.c. This can be exploited to cause a heap-based buffer overflow via a URL that is 3600-4000 characters long. Successful exploitation of this vulnerability allows performing a DoS (Denial of Service) or the potential execution of arbitrary code. 2) Input passed in the URL to the "mwGetLocalFileName()" function in http.c is not properly sanitised before being used. This can be exploited to display arbitrary files with directory traversal attacks of the form ".%2e/.%2e/" or "%2e%2e/%2e%2e/". The vulnerabilities are confirmed in version 0.8.19. SOLUTION: Restrict access to the web service. Use another product. PROVIDED AND/OR DISCOVERED BY: Hamid Ebadi ORIGINAL ADVISORY: http://www.bugtraq.ir/adv/miniweb_english.pdf ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 1.98

sources: NVD: CVE-2008-0338 // JVNDB: JVNDB-2008-003960 // BID: 27319 // PACKETSTORM: 62677

AFFECTED PRODUCTS

vendor:miniweb http servermodel:miniweb http serverscope:eqversion:0.8.19

Trust: 2.4

vendor:stanleymodel:huang miniwebscope:eqversion:0.8.19

Trust: 0.3

sources: BID: 27319 // JVNDB: JVNDB-2008-003960 // CNNVD: CNNVD-200801-273 // NVD: CVE-2008-0338

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2008-0338
value: MEDIUM

Trust: 1.0

NVD: CVE-2008-0338
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200801-273
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2008-0338
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: JVNDB: JVNDB-2008-003960 // CNNVD: CNNVD-200801-273 // NVD: CVE-2008-0338

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.8

sources: JVNDB: JVNDB-2008-003960 // NVD: CVE-2008-0338

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200801-273

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-200801-273

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2008-003960

PATCH
title:MiniWeb HTTP serverurl:http://sourceforge.net/projects/miniweb/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2008-003960

EXTERNAL IDS
db:NVDid:CVE-2008-0338
Trust: 2.7
db:BIDid:27319
Trust: 1.9
db:SECUNIAid:28512
Trust: 1.7
db:EXPLOIT-DBid:4923
Trust: 1.6
db:VUPENid:ADV-2008-0176
Trust: 1.6
db:JVNDBid:JVNDB-2008-003960
Trust: 0.8
db:XFid:39718
Trust: 0.6
db:MILW0RMid:4923
Trust: 0.6
db:CNNVDid:CNNVD-200801-273
Trust: 0.6
db:PACKETSTORMid:62677
Trust: 0.1
sources:
            
            
            BID: 27319 // 
            
            
            
            JVNDB: JVNDB-2008-003960 // 
            
            
            
            PACKETSTORM: 62677 // 
            
            
            
            CNNVD: CNNVD-200801-273 // 
            
            
            
            NVD: CVE-2008-0338

REFERENCES
url:http://www.bugtraq.ir/adv/miniweb_english.pdf
Trust: 1.7
url:http://secunia.com/advisories/28512
Trust: 1.6
url:http://www.securityfocus.com/bid/27319
Trust: 1.6
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/39713
Trust: 1.0
url:http://www.vupen.com/english/advisories/2008/0176
Trust: 1.0
url:https://www.exploit-db.com/exploits/4923
Trust: 1.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0338
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-0338
Trust: 0.8
url:http://www.milw0rm.com/exploits/4923
Trust: 0.6
url:http://xforce.iss.net/xforce/xfdb/39718
Trust: 0.6
url:http://www.frsirt.com/english/advisories/2008/0176
Trust: 0.6
url:http://sourceforge.net/projects/miniweb
Trust: 0.3
url:http://secunia.com/secunia_security_advisories/
Trust: 0.1
url:https://psi.secunia.com/?page=changelog
Trust: 0.1
url:https://psi.secunia.com/
Trust: 0.1
url:http://secunia.com/product/14459/
Trust: 0.1
url:http://secunia.com/advisories/28512/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            BID: 27319 // 
            
            
            
            JVNDB: JVNDB-2008-003960 // 
            
            
            
            PACKETSTORM: 62677 // 
            
            
            
            CNNVD: CNNVD-200801-273 // 
            
            
            
            NVD: CVE-2008-0338

CREDITS
Hamid Ebadi
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200801-273

SOURCES
db:BIDid:27319
db:JVNDBid:JVNDB-2008-003960
db:PACKETSTORMid:62677
db:CNNVDid:CNNVD-200801-273
db:NVDid:CVE-2008-0338

LAST UPDATE DATE
2025-04-10T23:09:40.476000+00:00

SOURCES UPDATE DATE
db:BIDid:27319date:2016-07-05T22:00:00
db:JVNDBid:JVNDB-2008-003960date:2012-09-25T00:00:00
db:CNNVDid:CNNVD-200801-273date:2008-09-05T00:00:00
db:NVDid:CVE-2008-0338date:2025-04-09T00:30:58.490

SOURCES RELEASE DATE
db:BIDid:27319date:2008-01-16T00:00:00
db:JVNDBid:JVNDB-2008-003960date:2012-09-25T00:00:00
db:PACKETSTORMid:62677date:2008-01-17T04:45:41
db:CNNVDid:CNNVD-200801-273date:2008-01-17T00:00:00
db:NVDid:CVE-2008-0338date:2008-01-17T22:00:00