H-Sphere provides automation for web hosting across multiple servers. It is a commercial product that runs on Linux, FreeBSD and Microsoft Windows 2000, and it supports both the Apache and IIS web servers. H-Sphere does not filter '../' sequences from some requests, which has the potential to disclose sensitive information. A malicious user may make a specially crafted web request that allows them to break out of wwwroot and browse the filesystem at large. The attacker can use this to display arbitrary web-readable files. To successfully exploit this issue, the malicious user must have access to an account for a hosted website.
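One way to enforce the wwwroot boundary described above is to canonicalize the requested path and test containment, instead of filtering '../' strings. This is an added example, not H-Sphere code; the names `resolve_in_wwwroot` and `PathEscape` and the directory layout are constructed for illustration.

```python
import os
import tempfile

class PathEscape(Exception):
    """Requested path resolves outside the account's wwwroot."""

def resolve_in_wwwroot(wwwroot: str, requested: str) -> str:
    """Return the canonical path for `requested`, or raise PathEscape."""
    root = os.path.realpath(wwwroot)
    # Treat the request as relative even if it starts with a separator;
    # os.path.join would otherwise discard `root` for an absolute path.
    candidate = os.path.realpath(os.path.join(root, requested.lstrip("/\\")))
    try:
        # Compare whole path components, not string prefixes, so a sibling
        # such as .../wwwroot-old is not mistaken for .../wwwroot.
        inside = os.path.commonpath([root, candidate]) == root
    except ValueError:  # e.g. different drives on Windows
        inside = False
    if not inside:
        raise PathEscape(requested)
    return candidate

def demo() -> dict:
    """Build a constructed directory tree and classify sample requests."""
    base = os.path.realpath(tempfile.mkdtemp())
    wwwroot = os.path.join(base, "wwwroot")
    os.makedirs(os.path.join(wwwroot, "img"))
    os.makedirs(os.path.join(base, "wwwroot-old"))
    with open(os.path.join(base, "secret.txt"), "w") as fh:
        fh.write("outside wwwroot\n")
    # Constructed sample requests, not taken from the advisory.
    requests = ["index.html", "img/../index.html", "../secret.txt",
                "img/../../secret.txt", "../wwwroot-old/x", "/index.html"]
    results = {}
    for req in requests:
        try:
            resolve_in_wwwroot(wwwroot, req)
            results[req] = "allowed"
        except PathEscape:
            results[req] = "denied"
    return results

if __name__ == "__main__":
    for req, verdict in demo().items():
        print(f"{verdict:8} {req}")
```

Because `os.path.realpath` also resolves symbolic links, a link inside wwwroot that points elsewhere on the filesystem is denied by the same check.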