RaidenHTTPD Crafted Request Arbitrary File Access

high Nessus Plugin ID 16313

Synopsis

The remote web server is prone to a directory traversal attack.

Description

The remote host is running a version of RaidenHTTPD which is vulnerable to a remote directory traversal bug. An attacker exploiting this bug would be able to gain access to potentially confidential material outside of the web root.

Solution

Upgrade to RaidenHTTPD version 1.1.31 or later.

See Also

http://www3.autistici.org/fdonato/advisory/RaidenHTTPD1.1.27-adv.txt

https://seclists.org/fulldisclosure/2005/Feb/78

http://www.raidenhttpd.com/changelog.txt

Plugin Details

Severity: High

ID: 16313

File Name: raidenHTTPD_dir_traversal.nasl

Version: 1.17

Type: remote

Family: Web Servers

Published: 2/7/2005

Updated: 6/12/2020

Supported Sensors: Nessus

Vulnerability Information

Exploit Available: true

Exploit Ease: No exploit is required

Vulnerability Publication Date: 2/5/2005

Reference Information

BID: 12451