Title: AN HTTPD Arbitrary Log Content Injection Vulnerability
Severity: HIGH
Description:
AN HTTPD is a Web server designed for use on Microsoft Windows operating systems.
AN HTTPD is affected by a vulnerability that may allow remote attacker to inject arbitrary content in to the log file. This issue arises due to a failure of input validation.
Specifically, an attacker can corrupt the log file (httpd.log) and create fake content by supplying URI requests containing CR and LF characters. Corruption of logs may result in concealing attacks and/or misleading an administrator.
This issue can also be exploited to carry out other attacks such as the execution of certain BAT file commands. AN HTTPD includes functionality to use BAT files as CGI scripts. The application parses BAT files and supports BAT file commands such as 'echo', 'set', 'echo.', '@echo' and 'type'. This functionality is provided by 'cmdIS.DLL'. As the log file resides in the document root, an attacker can place BAT file commands in the log file, which will be interpreted by 'cmdIS.DLL'.
This can result in the disclosure of source code and text files.
This issue may also aid in the exploitation of the vulnerability described in BID 13066 (AN HTTPD CMDIS.DLL Remote Buffer Overflow Vulnerability).
AN HTTPD 1.42n is reported vulnerable, however, it is possible that other versions are affected as well.
Affected Products:
- AN AN-HTTPd 1.42.0 n
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
