Andr0m3da
Power Member
According to a SecurityFocus report at
http://online.securityfocus.com/bid/5035, a CGI component of the Mathematica
program could allow an attacker to access the content of the hard disk.
Mathematica, developed by Wolfram Research, is one of the most widely-used
technical computing programs in the scientific community. This application
includes the component webMathematica, based on Java, which allows
Mathematica content to be included in a web environment. It includes CGI
programs that generate answers and images based on user input.
The possibility to include Mathematica content in web environments is what
makes this component so widely-used in academic environments to show
calculations simply and clearly. However, a vulnerability in the MSP CGI
program means that a file name parameter is not correctly validated. By
including "./" sequence characters, an attacker could leave the web root and
access any other system file.
http://online.securityfocus.com/bid/5035, a CGI component of the Mathematica
program could allow an attacker to access the content of the hard disk.
Mathematica, developed by Wolfram Research, is one of the most widely-used
technical computing programs in the scientific community. This application
includes the component webMathematica, based on Java, which allows
Mathematica content to be included in a web environment. It includes CGI
programs that generate answers and images based on user input.
The possibility to include Mathematica content in web environments is what
makes this component so widely-used in academic environments to show
calculations simply and clearly. However, a vulnerability in the MSP CGI
program means that a file name parameter is not correctly validated. By
including "./" sequence characters, an attacker could leave the web root and
access any other system file.