Westpoint Security Advisory

Title:          Jetty CGIServlet Arbitrary Command Execution			
Risk Rating:	Medium
Software: 	Jetty Servlet Container
Platforms:	Win32 (other platforms not tested)			
Vendor URL: 	www.mortbay.org	
Author:		Matt Moore <matt@westpoint.ltd.uk>
Date:	        1st October 2002	
Advisory ID#:	wp-02-0011.txt

Overview:
=========
Jetty is a 100% Java HTTP Server and Servlet Container. A flaw
in the CGIServlet allows an attacker to execute arbitrary commands
on the server.

Details:
========

Commands can be executed on the server by making requests like:

http://jetty-server:8080/cgi-bin/..\..\..\..\..\..\winnt/notepad.exe

Patch / Workaround Information:
===============================

The vendor responded quickly and has released a fixed version, 4.1.0
which can be downloaded from http://jetty.mortbay.org

Excerpt from Vendor announcement at:

http://groups.yahoo.com/group/jetty-announce/message/45

'4.1.0 also contains a priority security fix for the CGI servlet
running on windows platforms. This remotely exploitable problem
effects all previous versions of Jetty that use the CGI servlet
on windows without a permissions file configured for the context.
The CGI servlet from 4.1.0 may be used in 4.0 releases.'

This advisory is available online at:

http://www.westpoint.ltd.uk/advisories/wp-02-0011.txt

			
Designed & Built by e3creative