TITLE:
Jeuce Personal Web Server Two Vulnerabilities

SECUNIA ADVISORY ID:
SA13732

VERIFY ADVISORY:
http://secunia.com/advisories/13732/

CRITICAL:
Moderately critical

IMPACT:
Exposure of sensitive information, DoS

WHERE:
>From remote

SOFTWARE:
Jeuce Personal Web Server 2.x
http://secunia.com/product/4485/

DESCRIPTION:
Ziv Kamir has discovered two vulnerabilities in Jeuce Personal Web
Server, which can be exploited by malicious people to disclose
sensitive information and cause a DoS (Denial of Service).

1) An input validation error makes it possible to access arbitrary
files outside the web root via directory traversal attacks.

2) An error in the handling of certain URLs can be exploited to crash
the service by accessing a specially crafted URL.

Example:
http://[victim]/://

The vulnerabilities have been confirmed on version 2.13. Other
versions may also be affected.

SOLUTION:
Filter traffic to the service or use another product.

PROVIDED AND/OR DISCOVERED BY:
Ziv Kamir, Global Security Solution IT.

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------