Web Server Path Traversal

Description

When a web server fails to properly normalize and validate the ../ sequence in URL paths, it enables attackers to access files outside the intended directory structure. This vulnerability can lead to reading sensitive system files such as /etc/passwd or application configuration files. The issue may arise due to bugs in the web server or the router application responsible for serving static files.

Recommendation

To mitigate this risk:

• Ensure the web server and any components used for serving static files are kept up to date to patch known vulnerabilities.
• Implement proper validation and sanitization mechanisms in your web application to prevent serving files outside of the intended path.
• Conduct thorough debugging and tracing of your web application’s route dispatching to identify and rectify potential vulnerabilities.

References

• CVE-2017-14849
• CWE-22
• CAPEC-126
• CAPEC-310
• OWASP 2021-A3
• OWASP 2021-A6

Related Issues

• Apache 2.4.49 Path Traversal and RCE - CVE-2021-41773, CVE-2021-42013
• Nginx Integer Overflow - CVE-2017-7529
• Apache mod_proxy 2.4.48 SSRF - CVE-2021-40438
• Apache Struts 2 RCE S2-045 - CVE-2017-5638

Tags:

Path Traversal

NodeJs

Express

Web Server