Secunia Security Advisory - Ziv Kamir has discovered two vulnerabilities in Jeuce Personal Web Server, which can be exploited by malicious people to disclose sensitive information and cause a DoS (Denial of Service).
d8e80259c936add710258705b3aaa2543a33818e0285a0fd79e80913d7a22bd7
TITLE:
Jeuce Personal Web Server Two Vulnerabilities
SECUNIA ADVISORY ID:
SA13732
VERIFY ADVISORY:
http://secunia.com/advisories/13732/
CRITICAL:
Moderately critical
IMPACT:
Exposure of sensitive information, DoS
WHERE:
>From remote
SOFTWARE:
Jeuce Personal Web Server 2.x
http://secunia.com/product/4485/
DESCRIPTION:
Ziv Kamir has discovered two vulnerabilities in Jeuce Personal Web
Server, which can be exploited by malicious people to disclose
sensitive information and cause a DoS (Denial of Service).
1) An input validation error makes it possible to access arbitrary
files outside the web root via directory traversal attacks.
2) An error in the handling of certain URLs can be exploited to crash
the service by accessing a specially crafted URL.
Example:
http://[victim]/://
The vulnerabilities have been confirmed on version 2.13. Other
versions may also be affected.
SOLUTION:
Filter traffic to the service or use another product.
PROVIDED AND/OR DISCOVERED BY:
Ziv Kamir, Global Security Solution IT.
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------