Aspen 0.8 – Directory Traversal

• Exploit Database
• 109 阅读

• 作者： Daniel Ricardo dos Santos
  日期： 2013-04-02
• 类别：

  • webapps
  平台：

  • multiple
• 来源：https://www.exploit-db.com/exploits/24915/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56

  Aspen 0.8 - Directory Traversal Earlier versions are also possibly vulnerable.   INFORMATION   Product: Aspen 0.8 Remote-exploit: yes Vendor-URL: http://www.zetadev.com/software/aspen/   Discovered by: Daniel Ricardo dos Santos CVE Request - 15/03/2013 CVE Assign - 18/03/2013 CVE Number - CVE-2013-2619 Vendor notification - 18/03/2013 Vendor reply - No reply Public disclosure - 01/04/2013   OVERVIEW   Aspen 0.8 is vulnerable to a directory traversal.   INTRODUCTION   Aspen is a Python webserver. Aspen is framework-agnostic and relies heavily on WSGI. Aspen is fast enough.   VULNERABILITY DESCRIPTION   The vulnerability happens when directory indexing is turned on (default configuration in this version) and a user requests, for instance localhost/../../../../../../../etc/passwd.   The vulnerability may be tested with the following command-line: curl -v4 http://<server>:<port>/../../../../../../etc/passwd   VERSIONS AFFECTED   Tested with version 0.8 but earlier versions are possibly vulnerable.   SOLUTION   Upgrade to version 0.22 - http://aspen.io/   NOTES   The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2013-2619 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org), which standardizes names for security problems.   CREDITS   Daniel Ricardo dos Santos SEC+ Information Security Company - http://www.secplus.com.br/