uhttp Server Path Traversal Vulnerability

Name:              uhttp Server
Vendor:            http://uhttps.sourceforge.net
Versions Affected: 0.1.0-alpha
Author:            Salvatore Fresta aka Drosophila
Website:           http://www.salvatorefresta.net
Contact:           salvatorefresta [at] gmail [dot] com
Date:              2010-03-10

X. INDEX

I.   ABOUT THE APPLICATION
II.  DESCRIPTION
III. ANALYSIS
IV.  SAMPLE CODE
V.   FIX
VI.  DISCLOSURE TIMELINE

I. ABOUT THE APPLICATION

An ultra lightweight web server with a very small memory footprint.

II. DESCRIPTION

Bad characters in the request path are not properly sanitised.

III. ANALYSIS

Summary:

A) Path Traversal

A) Path Traversal

The problem lies in the handling of bad characters that can be used to launch attacks such as directory traversal. The path traversal sequence ('../') is not checked, so it can be used to read directories outside the document root of the affected system.

IV. SAMPLE CODE

The following is a simple example:

GET /../../../../../../etc/passwd HTTP/1.1

In this example, the daemon has been started in the following path:

/home/drosophila/downloads/uhttps/src

V. FIX

No patch.

VI. DISCLOSURE TIMELINE

2010-03-10 Bug discovered
2009-03-10 Advisory Release
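Since no vendor patch exists, the following is an added example (not uhttp's code, and not from the advisory author) of the check a server should apply before mapping a request path onto the filesystem: it normalises the path lexically and refuses any path whose '..' segments would climb above the document root, so the request shown in section IV is rejected. The function names, the 256-segment limit and the requirement that the caller percent-decode the path first are assumptions of this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

#define MAX_SEGS 256

/* Lexically normalise an absolute request path and reject any attempt to
 * climb above the document root ("/"). Must be called AFTER the request
 * path has been percent-decoded, otherwise the check can be bypassed.
 * Returns true and writes the cleaned path to out (outlen bytes), or false
 * if the path escapes the root, is not absolute, or does not fit. */
bool safe_request_path(const char *path, char *out, size_t outlen)
{
    const char *segs[MAX_SEGS];
    size_t lens[MAX_SEGS];
    int depth = 0;
    const char *p = path;

    if (*p != '/') return false;                 /* require an absolute path */
    while (*p) {
        while (*p == '/') p++;                   /* collapse repeated slashes */
        if (!*p) break;
        const char *start = p;
        while (*p && *p != '/') p++;
        size_t n = (size_t)(p - start);
        if (n == 1 && start[0] == '.') continue;            /* "." is a no-op */
        if (n == 2 && start[0] == '.' && start[1] == '.') { /* ".." pops one */
            if (depth == 0) return false;                   /* would leave root */
            depth--;
            continue;
        }
        if (depth == MAX_SEGS) return false;
        segs[depth] = start; lens[depth] = n; depth++;
    }
    /* Rebuild "/seg1/seg2/..." from the surviving segments. */
    if (depth == 0) { if (outlen < 2) return false; strcpy(out, "/"); return true; }
    size_t used = 0;
    for (int i = 0; i < depth; i++) {
        if (used + 1 + lens[i] + 1 > outlen) return false;
        out[used++] = '/';
        memcpy(out + used, segs[i], lens[i]);
        used += lens[i];
    }
    out[used] = '\0';
    return true;
}

/* Convenience wrapper: returns the normalised path, or NULL if rejected. */
const char *normalised(const char *path)
{
    static char buf[1024];
    return safe_request_path(path, buf, sizeof buf) ? buf : NULL;
}
```

The cleaned path is then joined to the document root; resolving the result with realpath() and confirming it still starts with the root is a cheap second line of defence.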