Cassandra Web Directory Traversal Vulnerability Allowing Arbitrary File Read

Vulnerability

A directory traversal vulnerability has been identified in Cassandra Web version 0.5.0. It allows unauthenticated attackers to read arbitrary files by manipulating path traversal parameters. The issue arises because the Rack::Protection middleware is disabled, so path traversal requests are not filtered and can be used to access sensitive system files, such as /etc/passwd, and to retrieve Apache Cassandra database credentials.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive system files and Apache Cassandra database credentials.

Reproduction

The vulnerability can be reproduced by sending a request to the Cassandra Web server with manipulated path traversal parameters. The default port for Cassandra Web is 3000. The absence of the Rack::Protection middleware can be verified by checking the server's response headers.
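As an added example (not from this advisory or the Cassandra Web project), the Ruby script below does the header check the reproduction note describes, testing a response for the headers Rack::Protection's default middleware stack sets, and models the path cleanup the missing middleware would otherwise apply. The sample header sets, the host name, and the normalize_path approximation are assumptions.

```ruby
require 'net/http'

# Response headers set by Rack::Protection's default middleware stack
# (FrameOptions, ContentTypeOptions, XSSHeader). Assumption: no individual
# protection was switched off by configuration.
EXPECTED_HEADERS = {
  'x-frame-options'        => 'SAMEORIGIN',
  'x-content-type-options' => 'nosniff',
  'x-xss-protection'       => '1; mode=block'
}.freeze

# Names of expected headers absent from +headers+ (compared case-insensitively).
def missing_protection_headers(headers)
  present = headers.keys.map { |k| k.to_s.downcase }
  EXPECTED_HEADERS.keys.reject { |name| present.include?(name) }
end

# True only when every default Rack::Protection header is present.
def rack_protection_present?(headers)
  missing_protection_headers(headers).empty?
end

# Simplified model of the cleanup Rack::Protection::PathTraversal applies to the
# request path (my approximation, not the library's code): decode %2e/%2f, drop
# empty and "." segments, and let ".." pop at most to the root, never above it.
def normalize_path(path)
  parts = []
  path.gsub(/%2e/i, '.').gsub(/%2f/i, '/').split('/').each do |seg|
    next if seg.empty? || seg == '.'
    seg == '..' ? parts.pop : parts << seg
  end
  '/' + parts.join('/')
end

# Fetch '/' from a live instance (Cassandra Web listens on 3000 by default) and report.
def check_instance(host, port = 3000)
  res = Net::HTTP.start(host, port, open_timeout: 5, read_timeout: 5) { |h| h.head('/') }
  missing = missing_protection_headers(res.to_hash)
  missing.empty? ? 'Rack::Protection headers present' : "missing: #{missing.join(', ')}"
end

# Constructed sample header sets (not captured from a real server).
PROTECTED_SAMPLE = { 'Content-Type' => 'text/html', 'X-Frame-Options' => 'SAMEORIGIN',
                     'X-Content-Type-Options' => 'nosniff', 'X-XSS-Protection' => '1; mode=block' }.freeze
UNPROTECTED_SAMPLE = { 'Content-Type' => 'text/html', 'Server' => 'thin' }.freeze

puts "protected sample: #{rack_protection_present?(PROTECTED_SAMPLE)}"     # true
puts "unprotected sample: #{rack_protection_present?(UNPROTECTED_SAMPLE)}" # false
puts normalize_path('/css/../../etc/passwd')                                # /etc/passwd
```

Run check_instance('cassandra-web.example.internal') against a host you administer; a non-empty "missing" list is the signal that the protection stack is not active.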

Remediation

Users are advised to update to Cassandra Web version 0.6.0 or later, once it becomes available.

Added: Jan 27, 2026, 4:55 PM
Updated: Jan 27, 2026, 4:55 PM

Vulnerability Rating (Custom Algorithm)

  Category         Score
  spread           0.0
  impact           2.5
  exploitability   8.2
  remediation      0.0
  relevance        2.3
  threat           7.6
  urgency          2.9
  incentive        4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.