Unrated severity · NVD Advisory · Published Dec 31, 2004 · Updated Apr 16, 2026

CVE-2004-2112

Description

Directory traversal in BremsServer 1.2.4 allows remote attackers to read arbitrary files via '..' sequences in the URL.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

BremsServer 1.2.4, a small HTTP server for testing web pages locally, fails to properly validate user-supplied paths. An attacker can include "../" sequences in the URL to traverse directories outside the web root. This allows reading arbitrary files on the server's filesystem. The vulnerability is present in version 1.2.4 as described in the advisory [2].
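
The missing path validation described above, shown as an added example that is not BremsServer code or part of the advisory: a naive join of the request path onto the web root beside a resolver that refuses any request escaping it. The web root /srv/www and the function names are assumptions made for the illustration.

```python
import os
from urllib.parse import unquote, urlsplit

WEB_ROOT = "/srv/www"  # assumed document root, chosen for this example


def naive_resolve(url_path, root=WEB_ROOT):
    """Flawed pattern: append the request path to the root with no check."""
    return os.path.normpath(root + "/" + unquote(urlsplit(url_path).path))


def safe_resolve(url_path, root=WEB_ROOT):
    """Return the absolute path to serve, or None if the request is refused."""
    path = unquote(urlsplit(url_path).path)
    # Treat backslashes as separators so "..\" is caught on every platform.
    path = path.replace("\\", "/")
    if "\x00" in path:
        return None
    # Refuse any ".." segment outright instead of trying to strip it.
    segments = [s for s in path.split("/") if s not in ("", ".")]
    if ".." in segments:
        return None
    root_real = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root_real, *segments))
    # Containment check: also catches symlinks that lead outside the root.
    try:
        inside = os.path.commonpath([root_real, candidate]) == root_real
    except ValueError:  # e.g. paths on different drives on Windows
        inside = False
    return candidate if inside else None


if __name__ == "__main__":
    # Constructed request paths; the first is the form quoted in the advisory.
    for req in ("/../PATH/windows/system.ini", "/%2e%2e/secret.txt",
                "/..\\windows\\system.ini", "/docs/index.html"):
        print(f"{req!r:34} naive={naive_resolve(req)!r} safe={safe_resolve(req)!r}")
```

The percent-decoding happens once, before the segment check, so an encoded ".." is rejected the same way as a literal one.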

Exploitation

No authentication is required; the attacker only needs network access to the server. By sending a crafted HTTP request such as http://[host]/../PATH/windows/system.ini, the server returns the contents of the requested file. The attack is straightforward and can be performed with a standard web browser [2].

Impact

Successful exploitation leads to unauthorized disclosure of sensitive files, including system configuration files (e.g., system.ini) and any other readable file on the server. This compromises confidentiality. The attacker does not gain code execution or elevated privileges, but can read arbitrary files accessible to the server process.

Mitigation

The vendor stated that the bug would be fixed in the next version of BremsServer [2]. No specific fixed version or release date is provided in the available references. Users should monitor the official website (http://www.herberlin.de/) for updates. As of the publication date, no patch is available; the only mitigation is to restrict network access to the server or discontinue use until a fix is released.

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

  • cpe:2.3:a:herberlin:bremsserver:1.2.4:*:*:*:*:*:*:*
  • (no CPE) range: =1.2.4

Patches

0

No patches discovered yet.

References

6
