Jana Server contains a directory traversal vulnerability.
Versions 1.4x of Jana Server, a web server for Windows developed by T. Hauck, do not properly filter requests containing hexadecimal encodings of ".." (dot-dot), which allows directory traversal out of the HTTP document root directory.
Remote users can view any file on the server with the privileges of the Jana server process.
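The class of flaw described above, as an added example that is not code from Jana Server or from the original advisory: a filter that looks for ".." in the raw request misses the hex-encoded form, while a check that decodes first, canonicalises, and then confirms the result is still under the document root refuses it. The document root, function names and sample request paths are assumptions constructed for illustration.

```python
import posixpath
from urllib.parse import unquote

DOC_ROOT = "/srv/www"  # assumed document root, for illustration only


def naive_is_safe(raw_path: str) -> bool:
    """Flawed filter: inspects the request path before it is decoded,
    so a hex-encoded ".." never matches."""
    return ".." not in raw_path


def resolve(raw_path: str, root: str = DOC_ROOT):
    """Decode, canonicalise, then check containment.

    Returns the canonical file path, or None if the request must be refused.
    """
    # 1. Decode exactly once, the same way the file lookup will see the path.
    decoded = unquote(raw_path)
    # 2. On Windows a backslash is also a separator; treat it as one.
    decoded = decoded.replace("\\", "/")
    if "\x00" in decoded:
        return None
    # 3. Collapse "." and ".." segments relative to the document root.
    candidate = posixpath.normpath(posixpath.join(root, decoded.lstrip("/")))
    # 4. Validate the canonical result, not the input string.
    if candidate != root and not candidate.startswith(root + "/"):
        return None
    return candidate


# Constructed sample requests (not taken from the advisory).
SAMPLES = [
    "/index.html",
    "/docs/%2e%2e/index.html",      # encoded dot-dot that stays inside the root
    "/%2e%2e/%2e%2e/secret.txt",    # encoded dot-dot that leaves the root
    "/..%5c..%5csecret.txt",        # encoded backslash separators
]

if __name__ == "__main__":
    for req in SAMPLES:
        print(f"{req!r:32} naive_ok={naive_is_safe(req)!s:5} resolved={resolve(req)}")
```

The same canonical-path comparison is also a useful log review rule: any request whose decoded, normalised path falls outside the document root is worth flagging regardless of how it was encoded.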
Upgrade to Jana Server 2.0 beta or later at:
Thanks to nemesystm of the DHC for discovering this vulnerability.
This document was written by Shawn Van Ittersum.
Date First Published: 2002-03-29
Date Last Updated: 2002-03-29 22:56 UTC