Title: BRS WebWeaver FTP Root Path Disclosure Vulnerability
Severity: MODERATE
Description:
BRS WebWeaver is an ftpd and webserver from Blaine Southam.
WebWeaver's FTP component has a flaw which can permit a remote user to learn the physcial path to the FTP service's root directory.
By submitting the FTP command CD argumented by an asterisk character, the attacker can cause an error message to be generated by WebWeaver which includes the path for the ftp root.
Properly exploited, this information could assist a hostile user in carrying out other attacks on the system.
Affected Products:
- BRS WebWeaver 0.49.0 beta
- BRS WebWeaver 0.50.0 beta
- BRS WebWeaver 0.51.0 beta
- BRS WebWeaver 0.52.0 beta
- BRS WebWeaver 0.60.0 beta
- BRS WebWeaver 0.61.0 beta
- BRS WebWeaver 0.62.0 beta
References:
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
