Static Web Server Symbolic Link Path Traversal Vulnerability Allowing Access to Files Outside Web Root
Vulnerability
A symbolic link path traversal vulnerability has been identified in Static Web Server (SWS) versions through 2.40.0. The issue allows access to files or directories outside the designated web root: SWS does not adequately restrict symlinks from resolving to locations outside the root directory. If an attacker can write to the web server's root directory, they can create symlinks pointing at external files and then read those files through URLs or directory listings.
Impact
Exploitation of this vulnerability could lead to unauthorized access to files outside the web root, potentially exposing sensitive information.
Reproduction
To reproduce this vulnerability, serve a directory with SWS. Then, create a symlink in the web root that points to a file outside of it, such as a user's bash configuration file. After creating the symlink, the file can be accessed through the web server, bypassing the intended directory restrictions.
Remediation
Users can upgrade to Static Web Server version 2.40.1 or later, where this vulnerability has been patched.
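The containment check that a patched server must enforce, shown as an added Rust example written for this page (it is not SWS's own code or its actual patch): the requested path is mapped under the root, every symlink is followed with `canonicalize()`, and the result is served only if it still lies inside the canonical root. The function name `resolve_within_root` is an assumption.

```rust
// Added example (not SWS's own code): refuse any request whose canonical
// filesystem location, after following symlinks, lies outside the web root.
use std::io;
use std::path::{Component, Path, PathBuf};

/// Map a URL path such as "/docs/index.html" onto a file under `root`.
/// Returns Ok(real_path) only when the fully resolved target is inside the
/// canonical root; a symlink in the root that points at a file outside it
/// (e.g. a user's bash configuration file) yields Err instead.
pub fn resolve_within_root(root: &Path, url_path: &str) -> io::Result<PathBuf> {
    // Canonicalize the root itself so a root that is itself a symlink still
    // compares correctly against canonicalized children.
    let root = root.canonicalize()?;

    // Build the candidate path lexically: keep normal segments, ignore ".",
    // and reject ".." (and any other special component) outright.
    let mut candidate = root.clone();
    for comp in Path::new(url_path.trim_start_matches('/')).components() {
        match comp {
            Component::Normal(seg) => candidate.push(seg),
            Component::CurDir => {}
            _ => {
                return Err(io::Error::new(
                    io::ErrorKind::PermissionDenied,
                    "unsafe path component",
                ))
            }
        }
    }

    // canonicalize() follows every symlink in the path and fails when the
    // target does not exist, so dangling links are refused as well.
    let real = candidate.canonicalize()?;
    if real.starts_with(&root) {
        Ok(real)
    } else {
        Err(io::Error::new(
            io::ErrorKind::PermissionDenied,
            "path escapes web root",
        ))
    }
}
```

The lexical ".." rejection alone would not have caught the symlink case; it is the post-canonicalization `starts_with` comparison that closes the hole described above.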