| vuln.sg Vulnerability Research Advisory |
by Tan Chew Keong 
Summary
A vulnerability has been found within the "File" driver in CGI::Session. When exploited, this vulnerability potentially allows an attacker to bypass session control restrictions. This vulnerability affects web applications that use CGI::Session's "File" driver for session management on a Windows-based system.
Tested Versions
Details
A vulnerability has been found within the "File" driver in CGI::Session. When exploited, this vulnerability potentially allows an attacker to bypass session control restrictions. This vulnerability affects web applications that use CGI::Session's "File" driver for session management on a Windows-based system. Linux-based systems are not affected, other platforms have not been tested. CGI::Session does not perform sufficient sanitization of the CGISESSID cookie value before using it in the "File" driver to construct the filename of the session data file. By inserting directory traversal sequences into the cookie value, it is possible to cause the "File" driver to read session data from arbitrary files located outside of the configured session data directory. NOTE: This directory traversal issue is confirmed exploitable if CGI::Session is used on a Windows-based system. Linux-based systems are not affected, other platforms have not been tested. More specifically, the vulnerability is confirmed to be exploitable when ALL of the following conditions are met.
Please see this advisory for an application that is affected by this vulnerability.
Patch / Workaround
Update to version 4.34 or later. Changelog is here.
Disclosure Timeline
2008-07-10 - Vulnerability Discovered in FreeStyleWiki. |
| Contact |
| For further enquries, comments, suggestions or bug reports, simply email them to |