[VIM] 04WebServer security page ACK's various vulns

Steven M. Christey coley at mitre.org
Thu Aug 17 18:48:56 EDT 2006


The page:

http://www.soft3304.net/04WebServer/Security.html

(thanks to whichever VDB we got this from, assuming we didn't find it
ourselves; I wasn't personally involved in handling these).

Below are detailed notes on which CVE's are addressed, along with
rough Google translations of the associated items (the site is
Japanese).

Disclosure dates for some older vulns had to be estimated since we
couldn't readily find these details.

- Steve


======================================================
Name: CVE-2002-2216
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2216
Acknowledged: yes changelog
Announced: 20020602
Flaw: unk
Reference: CONFIRM:http://www.soft3304.net/04WebServer/Security.html

Soft3304 04WebServer before 1.20 does not properly process URL
strings, which allows remote attackers to obtain unspecified sensitive
information.


Analysis:
ACKNOWLEDGEMENT: An automated translation of the CONFIRM says "The
version which is related ... Before v1.20 ... With the coding mistake
of URL character string processing ... access to the optional file is
permitted ... there is a possibility private information ... flowing
out outside."

ACCURACY: the announcement date is unknown, but a download of 1.20
shows the most recent file being Jun 2, 2002.


======================================================
Name: CVE-2004-1512
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1512
Acknowledged: yes changelog
Announced: 20041110
Flaw: XSS
Reference: BUGTRAQ:20041110 04WebServer Three Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110012542615484&w=2
Reference: BUGTRAQ:20041115 Re: 04WebServer Three Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110054395311823&w=2
Reference: MISC:http://www.security.org.sg/vuln/04webserver142.html
Reference: CONFIRM:http://www.soft3304.net/04WebServer/Security.html
Reference: BID:11652
Reference: URL:http://www.securityfocus.com/bid/11652
Reference: SECUNIA:13159
Reference: URL:http://secunia.com/advisories/13159/
Reference: XF:04webserver-error-xss(18033)
Reference: URL:http://xforce.iss.net/xforce/xfdb/18033

Cross-site scripting (XSS) vulnerability in Response_default.html in
04WebServer 1.42 allows remote attackers to execute arbitrary web
script or HTML via script code in the URL, which is not quoted in the
resulting default error page.


Analysis:
ACKNOWLEDGEMENT: An automated translation of the CONFIRM says "The
version which is related ... Before v1.43 ... The vulnerability by the
cross script of the error page ... By the fact that it works in
URL...."

ACKNOWLEDGEMENT: The three "Before v1.43" entries in this changelog
appear to match "BUGTRAQ:20041110 04WebServer Three Vulnerabilities."
The translated wording for each individual one may be marginal, but
when they are taken together, it is much more clear that the vendor is
acknowledging all of the publicly reported vulnerabilities in this
version.


======================================================
Name: CVE-2004-1513
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1513
Acknowledged: yes changelog
Announced: 20041110
Flaw: other
Reference: BUGTRAQ:20041110 04WebServer Three Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110012542615484&w=2
Reference: BUGTRAQ:20041115 Re: 04WebServer Three Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110054395311823&w=2
Reference: MISC:http://www.security.org.sg/vuln/04webserver142.html
Reference: CONFIRM:http://www.soft3304.net/04WebServer/Security.html
Reference: BID:11652
Reference: URL:http://www.securityfocus.com/bid/11652
Reference: SECUNIA:13159
Reference: URL:http://secunia.com/advisories/13159/
Reference: XF:04webserver-web-log-spoofing(18034)
Reference: URL:http://xforce.iss.net/xforce/xfdb/18034

04WebServer 1.42 does not adequately filter data that is written to
log files, which could allow remote attackers to inject carriage
return characters into the log file and spoof log entries.


Analysis:
ACKNOWLEDGEMENT: An automated translation of the CONFIRM says "The
version which is related ... Before v1.43 ... The vulnerability which
can disguise the log ... By the fact that it works in URL...."

ACKNOWLEDGEMENT: The three "Before v1.43" entries in this changelog
appear to match "BUGTRAQ:20041110 04WebServer Three Vulnerabilities."
The translated wording for each individual one may be marginal, but
when they are taken together, it is much more clear that the vendor is
acknowledging all of the publicly reported vulnerabilities in this
version.


======================================================
Name: CVE-2004-1514
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1514
Acknowledged: yes changelog
Announced: 20041110
Flaw: msdos-device
Reference: BUGTRAQ:20041110 04WebServer Three Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110012542615484&w=2
Reference: BUGTRAQ:20041115 Re: 04WebServer Three Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110054395311823&w=2
Reference: MISC:http://www.security.org.sg/vuln/04webserver142.html
Reference: CONFIRM:http://www.soft3304.net/04WebServer/Security.html
Reference: BID:11652
Reference: URL:http://www.securityfocus.com/bid/11652
Reference: SECUNIA:13159
Reference: URL:http://secunia.com/advisories/13159/
Reference: XF:04webserver-dos-devices-dos(18036)
Reference: URL:http://xforce.iss.net/xforce/xfdb/18036

04WebServer 1.42 allows remote attackers to cause a denial of service
(fail to restart properly) via an HTTP request for an MS-DOS device
name such as COM2.


Analysis:
ACKNOWLEDGEMENT: An automated translation of the CONFIRM says "The
version which is related ... Before v1.43 ... The vulnerability which
opens the MS-DOS system device ... when MS-DOS system device name is
appointed ...  Depending on operation ... there is a possibility of
being operated from outside."

ACKNOWLEDGEMENT: The three "Before v1.43" entries in this changelog
appear to match "BUGTRAQ:20041110 04WebServer Three Vulnerabilities."
The translated wording for each individual one may be marginal, but
when they are taken together, it is much more clear that the vendor is
acknowledging all of the publicly reported vulnerabilities in this
version.


======================================================
Name: CVE-2004-2661
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2661
Acknowledged: yes changelog
Announced: 20040313
Flaw: unk
Reference: CONFIRM:http://www.soft3304.net/04WebServer/Security.html

Soft3304 04WebServer before 1.41 does not properly check file names,
which allows remote attackers to obtain sensitive information (CGI
source code).


Analysis:
ACKNOWLEDGEMENT: An automated translation of the CONFIRM says "The
version which is related ... Before v1.41 ... By the trouble of file
name check, the source code of CGI is indicated under condition ...."

ACCURACY: the announcement date is unknown, but a download of 1.41
shows the most recent file to be Mar 13, 2004, so this was used as the
ANNOUNCE.


======================================================
Name: CVE-2004-2662
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2662
Acknowledged: yes changelog
Announced: 20040313
Flaw: dos-flood
Reference: CONFIRM:http://www.soft3304.net/04WebServer/Security.html

Soft3304 04WebServer before 1.41 allows remote attackers to cause a
denial of service (resource consumption or crash) via certain data
related to OpenSSL, which causes a thread to terminate but continue to
hold resources.


Analysis:
ACKNOWLEDGEMENT: An automated translation of the CONFIRM says "The
version which is related ... Before v1.41 ... With the vulnerability
of OpenSSL, when the data of specification is received, the server
thread forces ends. When the server thread forces ends, because the
resource which that thread has utilized is not released, when it
continues to receive attack, you use the system resources and exhaust
and there is a possibility the knocking server down."

ACCURACY: the announcement date is unknown, but a download of 1.41
shows the most recent file to be Mar 13, 2004, so this was used as the
ANNOUNCE.


======================================================
Name: CVE-2005-1416
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1416
Acknowledged: yes changelog
Announced: 20050503
Flaw: dot
Reference: MISC:http://osvdb.org/ref/16/16067-04webserver.txt
Reference: CONFIRM:http://www.soft3304.net/04WebServer/Security.html
Reference: FRSIRT:ADV-2005-0448
Reference: URL:http://www.frsirt.com/english/advisories/2005/0448
Reference: OSVDB:16067
Reference: URL:http://www.osvdb.org/16067
Reference: SECUNIA:15230
Reference: URL:http://secunia.com/advisories/15230

Directory traversal vulnerability in 04WebServer 1.81 allows remote
attackers to read files outside of the web root but within the
installation folder.


Analysis:
ACKNOWLEDGEMENT: An automated translation of the CONFIRM says "The
version which is related ... Before v1.81 ... From the document route
the vulnerability which can be accessed the superior file/the folder
...  Depending upon the trouble of request processing, being able to
access the directory with respect to one than the document route ...."


======================================================
Name: CVE-2006-4199
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4199
Acknowledged: yes changelog
Announced: 20060814
Flaw: XSS
Reference: CONFIRM:http://www.soft3304.net/04WebServer/Security.html
Reference: BID:19496
Reference: URL:http://www.securityfocus.com/bid/19496
Reference: SECUNIA:21504
Reference: URL:http://secunia.com/advisories/21504
Reference: XF:04webserver-error-page-xss(28354)
Reference: URL:http://xforce.iss.net/xforce/xfdb/28354

Cross-site scripting (XSS) vulnerability in Soft3304 04WebServer 1.83
and earlier allows remote attackers to inject arbitrary web script or
HTML via the URL, which is not properly sanitized before it is
returned in an error page, a different vulnerability than
CVE-2004-1512.


Analysis:
ACKNOWLEDGEMENT: The original 04WebServer security posting is not in
English; however, a Google translation states: "The vulnerability by
the cross sight script of the error page...By the fact that it works
in URL, there is a possibility of making the dangerous script the user
execute which is accessed."


======================================================
Name: CVE-2006-4200
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4200
Acknowledged: yes changelog
Announced: 20060814
Flaw: unk
Reference: CONFIRM:http://www.soft3304.net/04WebServer/Security.html
Reference: BID:19496
Reference: URL:http://www.securityfocus.com/bid/19496
Reference: SECUNIA:21504
Reference: URL:http://secunia.com/advisories/21504
Reference: XF:04webserver-user-id-bypass(28355)
Reference: URL:http://xforce.iss.net/xforce/xfdb/28355

Unspecified vulnerability in 04WebServer 1.83 and earlier allows
remote attackers to bypass user authentication via unspecified vectors
related to request processing.


Analysis:
ACKNOWLEDGEMENT: The original 04WebServer security posting is not in
English; however, a Google translation states: "The vulnerability
which can evade user identification...Depending upon the trouble of
request processing, being able to evade user identification there is a
possibility of finishing."
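
Added example, not part of the original post and not 04WebServer code (its source is not shown here): a Python sketch of the request-handling checks that correspond to the flaw classes with stated vectors above, namely CR injection into logs (CVE-2004-1513), MS-DOS device names (CVE-2004-1514), directory traversal (CVE-2005-1416) and the unescaped URL in the error page (CVE-2004-1512, CVE-2006-4199). All function names and the "/srv/www" document root are hypothetical, and POSIX-style path joining is assumed so the result is the same on any host.

```python
import html
import posixpath
import re
from urllib.parse import unquote

# Reserved MS-DOS device names. Windows also honours them with an extension
# or trailing dot/space ("COM2.txt", "nul."), so compare the bare stem only.
_DOS_DEVICE = re.compile(r"^(con|prn|aux|nul|com[1-9]|lpt[1-9])$", re.I)

def is_dos_device(segment):
    stem = re.split(r"[.:]", segment, maxsplit=1)[0].rstrip(" ")
    return bool(_DOS_DEVICE.match(stem))

def log_safe(value):
    """Escape control characters so one request yields exactly one log line."""
    value = value.replace("\\", "\\\\")
    return re.sub(r"[\x00-\x1f\x7f]", lambda m: "\\x%02x" % ord(m.group()), value)

def map_request(doc_root, raw_path):
    """Map a request path to a file under doc_root, or None to refuse it."""
    path = unquote(raw_path.split("?", 1)[0])
    # Refuse control characters and backslashes (a path separator on Windows).
    if re.search(r"[\x00-\x1f\x7f\\]", path):
        return None
    segments = [s for s in path.split("/") if s not in ("", ".")]
    if any(s == ".." or is_dos_device(s) for s in segments):
        return None
    root = posixpath.normpath(doc_root)
    full = posixpath.normpath(posixpath.join(root, *segments))
    # Belt and braces: the resolved path must still sit under the root.
    if posixpath.commonpath([root, full]) != root:
        return None
    return full

def error_page(raw_path):
    """404 body that echoes the requested URL only after HTML-escaping it."""
    return "<h1>404 Not Found</h1><p>%s</p>" % html.escape(raw_path, quote=True)

if __name__ == "__main__":
    # Constructed request paths, one per flaw class in the records above.
    for p in ["/docs/index.html", "/%2e%2e/server.ini", "/COM2",
              "/a\r\n10.0.0.1 GET /admin 200", "/<b>x</b>"]:
        print(log_safe(p), "->", map_request("/srv/www", p))
        print("   ", error_page(p))
```

The records marked "Flaw: unk" and the OpenSSL-related denial of service give no vector, so the sketch does not attempt to model them.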



