Title: QNX Voyager Webserver Multiple Vulnerabilities
Severity: MODERATE
Description:
The web server supplied with the QNX Voyager demo disk contains several vulnerabilities.
First, Voyager will follow relative paths passed to it in requests. This includes ../ style paths, which will allow Voyager to serve pages outside of the "document root".
Another vulnerability is that the web server does not have sufficient security restrictions - this means that the web server can access any file, including protected files and special /dev entries.
As well, due to the integration of the web browser and web server, information used by the Photon GUI is easily exposed by requesting files under /.photon/. Additionally, html files generated by the web browser (error messages, for example) and the QNX configuration interface share the same directory as published html files.
While the Voyager web server is not intended to be used in a production environment, and is in fact intended only to be a demo of the QNX OS, users should be aware of these design errors.
Affected Products:
- QSSL QNX 4.0.0 5 Demo Disk
- QSSL Voyager 2.0.0 1B
References:
- QNX Software Systems Ltd.: QNX Home Page
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
