Way-BOARD CGI could allow attackers to view unauthorized files (HTTP_Wayboard_Fileview)

About this signature or vulnerability

IBM Security Host Protection for Servers (Windows), RealSecure Server Sensor, Proventia-G 1.1 and earlier, Proventia Network IPS, Proventia Network IDS, Proventia Network MFS, IBM Security Host Protection for Desktops, Proventia Server IPS for Linux technology, Virtual Server Protection for Vmware, IBM Security Network Protection, IBM Security Host Protection for Servers (Unix):

This signature detects an HTTP GET request for the wayboard.cgi file. The request includes an argument that starts with "db" and ends with "00".
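The matching rule described above, applied to web server access logs; this is an added example, not IBM's signature code. The log format, the /cgi-bin/ path, the addresses and the db values are constructed, and the `require_percent` option is an assumption added here to separate a literal `%00` suffix from values that merely end in "00".

```python
import re
from urllib.parse import urlsplit

# Request line inside a common/combined-format access log entry.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def matches_signature(method, target, require_percent=False):
    """True if a request fits the description: GET for wayboard.cgi with an
    argument that starts with "db" and ends with "00".

    require_percent=True (an assumption added here, not part of the signature
    text) demands a literal "%00" suffix, so values such as db=board100 pass.
    """
    if method != "GET":
        return False
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/wayboard.cgi"):
        return False
    suffix = "%00" if require_percent else "00"
    # Use the raw query: decoding first would turn %00 into a NUL byte and
    # hide the pattern the signature looks for.
    return any(arg.lower().startswith("db") and arg.endswith(suffix)
               for arg in re.split(r"[&;]", parts.query))

def scan(lines, require_percent=False):
    """Return the 1-based numbers of the log lines that match."""
    hits = []
    for number, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if m and matches_signature(m["method"], m["target"], require_percent):
            hits.append(number)
    return hits

# Constructed sample log (documentation addresses, placeholder file names).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Feb/2001:09:00:01 -0600] "GET /cgi-bin/wayboard.cgi?db=notice HTTP/1.0" 200 5120',
    '192.0.2.77 - - [12/Feb/2001:09:00:07 -0600] "GET /cgi-bin/wayboard.cgi?db=EXAMPLE_FILE%00 HTTP/1.0" 200 913',
    '192.0.2.77 - - [12/Feb/2001:09:00:09 -0600] "GET /cgi-bin/wayboard.cgi?page=2&db=EXAMPLE_FILE%00 HTTP/1.0" 200 913',
    '192.0.2.31 - - [12/Feb/2001:09:01:12 -0600] "POST /cgi-bin/wayboard.cgi HTTP/1.0" 200 310',
    '192.0.2.31 - - [12/Feb/2001:09:01:15 -0600] "GET /index.html?db=x%00 HTTP/1.0" 404 208',
    '192.0.2.10 - - [12/Feb/2001:09:02:40 -0600] "GET /cgi-bin/wayboard.cgi?db=board100 HTTP/1.0" 200 4801',
]

if __name__ == "__main__":
    print("signature wording:", scan(SAMPLE_LOG))
    print("require %00:      ", scan(SAMPLE_LOG, require_percent=True))
```

The last sample line shows why a rule written as "ends with 00" can also flag an ordinary value such as `db=board100`.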


Default risk level

Medium

Sensors that have this signature

IBM Security Host Protection for Servers (Windows): 2.1.14.2400, IBM Security Host Protection for Servers (Windows): 1.0.914.0, RealSecure Server Sensor: 7.0, Proventia-G 1.1 and earlier: G Series, Proventia Network IPS: 2.0, Proventia Network IDS: A Series, Proventia Network MFS: 1.0, IBM Security Host Protection for Desktops: 8.0.614.1, Proventia Server IPS for Linux technology: 1.0, Virtual Server Protection for Vmware: 1.0, IBM Security Network Protection: 5.1, IBM Security Host Protection for Servers (Unix): 2.2.2

Systems affected

Way-BOARD Way-BOARD cgi

Type

Unauthorized Access Attempt

Vulnerability description

Way-BOARD could allow a remote attacker to view unauthorized files on the Web server. A remote attacker can append %00 to an HTTP request for a known file, causing the contents of the file to be returned and giving the attacker access to sensitive information. This vulnerability can only be exploited on systems where Perl is installed.

How to remove this vulnerability

No remedy available as of September 1, 2014.

References

BugTraq Mailing List, Mon Feb 12 2001 - 08:16:44 CST
Way-board: "show files" Vulnerability with null bite bug
http://archives.neohapsis.com/archives/bugtraq/2001-02/0212.html

ISS X-Force
Way-BOARD CGI could allow attackers to view unauthorized files
http://www.iss.net/security_center/static/6091.php

CVE
CVE-2001-0214
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0214