Author: JT Smith
GNU Bug Tracking System at sources.redhat.com: “In Gnatsweb 2.7 beta, a new help system was introduced. The standard help text was provided in a separate file named ‘gnatsweb.html’. For some reason it was
decided to allow the name of the help file to be customized, and it was possible to specify this filename by providing a value to the help_file parameter in a
request URL. By judicious use of special characters in the value of the help_file parameter, an attacker would be able to read the contents of any file or execute any
command to which the web server process user had access.”
decided to allow the name of the help file to be customized, and it was possible to specify this filename by providing a value to the help_file parameter in a
request URL. By judicious use of special characters in the value of the help_file parameter, an attacker would be able to read the contents of any file or execute any
command to which the web server process user had access.”
Category:
- Linux
