oss-sec mailing list archives

Re: CVE request: Bypass protected directory by Monkey HTTPD - Mandril security plugin

From: Kurt Seifried <kseifried () redhat com>
Date: Fri, 14 Jun 2013 14:02:15 -0600

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 06/14/2013 11:22 AM, Felipe Pena wrote:

Monkey HTTPD - Mandril security plugin Mandril is a plugin which
provides a security layer to Monkey through rules which can be
applied to the request URI or by network address.

A vulnerability was found in the way as the URI are validated. The
plugin check the configuration rules against possible encoded
URIs.

PoC ---

Configuration sample: [RULES] Deny_URL /test/

To bypass such rule, we just need to make a request like: 
http://yourhost/%2ftest/


Report ------ http://bugs.monkey-project.com/ticket/186


CREDITS ------- Felipe Pena

-- Regards, Felipe Pena

Please use CVE-2013-2182 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iQIcBAEBAgAGBQJRu3bHAAoJEBYNRVNeJnmT6dYQAM3NIk28f3FfxPgR/8krXK7t
sW6RidIkH0hZi+WrNCaK9nwNx04yUfvfuXCiWooMrF+axUMFDAPC/nz9YORDnOhC
WtiKGjP3htQbPPj6uuURP4+SGXpYL1kPdqdFufHKUTrHnO7wVodTWNr9CrOTZTtd
W5Q8cbZ+3UFvnKlzqaZtFYT5jFGaoBYa7fBgDJvgXdOTiWk5R7zl23gO6qnQbAJH
M/ItUEF+J2SFMAzJ9IZv8l4O/TH1aIbyg3YCw3vBALI9IQJfHw3pGhPUf2gN+bJ5
kn2W9lxo6PSyjJbciazfOQq+K+6FtsStSAQABbo6UkPcnXDy3jfZGhwaot3n4Kux
5ZbSuvZtpeUR9dJPFSRjepJ/OBn1FqlRP1L5HsuXpcblicb8wInPAXkRi29s7tA8
zeQPtwLx+FkxCC21YPA03iG8/RY3qcDFYZzG8p6VdsCpjB4a1flanTfCzf77ctVE
IYO3dFpWebBvVzKvd4sjNx+u3+DpLmh4i7iy6u6XK7zaxEIbWyywe/vZgwu3Hcfo
XJcQJ0x1fGVerNOdzTTvDeDgPvYPijW/q15DmnYn4KLGSfDGDvjcyY4dDlJCjEkI
fkDCn8/2r0KXDj2a0k8ekMfm4F4nRJbnA0vH4FB0Wg1jOowC89GV/yzT25CjTq/K
E19Vi8H0IoXzCiO/OUro
=WGwQ
-----END PGP SIGNATURE-----

Current thread:

CVE request: Bypass protected directory by Monkey HTTPD - Mandril security plugin Felipe Pena (Jun 14)
- Re: CVE request: Bypass protected directory by Monkey HTTPD - Mandril security plugin Kurt Seifried (Jun 14)