Signature Detail

HTTP: Apache For Windows Encoded Directory Traversal

This signature detects directory traversal attempts against an Apache server running on a Microsoft Windows platform. Apache 2.0.39 and earlier versions are vulnerable. Attackers can execute arbitrary commands on the target host.

Extended Description

A directory traversal vulnerability exists in Apache versions 2.0.39 and earlier on non-Unix platforms (potentially including Apache compiled with CYGWIN). Platforms that may be affected by this include Windows, OS2, and Netware. The issue is related to the failure to properly process the backslash '\' character, which may be used as a directory delimiter under these platforms. By using the URL encoded sequence '%2e%2e%5c', the web root may be escaped. Exploitation may result in the disclosure of sensitive information. Additionally, arbitrary local programs may be executed with attacker supplied parameters if directory traversal techniques are used to escape the cgi-bin directory.

Affected Products

• Apache Software Foundation Apache 2.0.0
• Apache Software Foundation Apache 2.0.28
• Apache Software Foundation Apache 2.0.28 Beta
• Apache Software Foundation Apache 2.0.28 -BETA
• Apache Software Foundation Apache 2.0.32
• Apache Software Foundation Apache 2.0.32 -BETA
• Apache Software Foundation Apache 2.0.34 -BETA
• Apache Software Foundation Apache 2.0.35
• Apache Software Foundation Apache 2.0.36
• Apache Software Foundation Apache 2.0.37
• Apache Software Foundation Apache 2.0.38
• Apache Software Foundation Apache 2.0.39

References

• BugTraq: 5434
• CVE: CVE-2002-0661