COMMAND

    perlweb

SYSTEMS AFFECTED

    Perl Web Server v0.3

PROBLEM

    nemesystm of the DHC found the following.  Perl Web Server has a
    simple dot dot bug.  Perl Web Server v0.3 was tested and is
    vulnerable to the hex-encoded dot dot bug.  All older versions
    are assumed to be vulnerable as well.

    To test this vulnerability, try the following:

        www.server.com/../../../../etc/passwd

    Add ..'s to reflect the location of /etc/passwd relative to
    Perl Web Server.

        www.server.com/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd

    works as well.  %2e is nothing but a hex-encoded dot.

SOLUTION

    Not known at the moment.  This is hardly a production-quality
    application and even their own download statistics show that its
    distribution has been very limited.
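
    The following is an added example, not part of the original
    advisory and not Perl Web Server's code: one way a Perl server can
    refuse both request forms shown above is to decode %XX escapes
    first, then canonicalize the path and confirm it stays under the
    document root.  The function name resolve_request and the temporary
    document root are assumptions.

```perl
#!/usr/bin/perl
# Added example; resolve_request() and the demo docroot are hypothetical.
use strict;
use warnings;
use Cwd qw(realpath);
use File::Temp qw(tempdir);

# Map a raw request path to a file under $docroot.
# Returns the canonical file path, or nothing if the request is refused.
sub resolve_request {
    my ($docroot, $raw) = @_;
    my $root = realpath($docroot);
    return unless defined $root;

    # Drop any query string or fragment, then decode %XX exactly once,
    # BEFORE any path check, so "%2e%2e" is judged the same as "..".
    (my $path = $raw) =~ s/[?#].*//s;
    $path =~ s/%([0-9A-Fa-f]{2})/chr(hex($1))/ge;

    # Refuse NUL bytes and anything still percent-encoded after one decode.
    return if $path =~ /\0/ || $path =~ /%[0-9A-Fa-f]{2}/;

    # Refuse any ".." path segment outright.
    return if grep { $_ eq '..' } split m{/+}, $path;

    # Canonicalize (this also resolves symlinks) and require that the
    # result is the docroot itself or lies strictly beneath it.
    my $full = eval { realpath("$root/$path") };
    return unless defined $full;
    return unless $full eq $root || index($full, "$root/") == 0;
    return $full;
}

# Constructed demo: a temporary docroot holding a single file.
my $docroot = tempdir(CLEANUP => 1);
open(my $fh, '>', "$docroot/index.html") or die "open: $!";
print {$fh} "hello\n";
close($fh);

# The first request is legitimate; the other two are the forms from the text.
for my $req ('/index.html',
             '/../../../../etc/passwd',
             '/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd') {
    my $file = resolve_request($docroot, $req);
    printf "%-42s %s\n", $req, defined $file ? "serve $file" : "reject";
}
```

    Only the first request is served; both traversal forms are
    rejected before any file is opened.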