| VID |
21165 |
| Severity |
30 |
| Port |
80, ¡¦ |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
It seems to be Boa web server. It is possible to read arbitrary files on the remote server by prepending '%2e%2e/%2e%2e/%2e%2e/' in front on the file name.
GET /%2e%2e/%2e%2e/%2e%2e/etc/passwd |
| Recommendation |
Contact your vendor for a patch, and upgrade to the latest version. |
| Related URL |
CVE-2000-0920 (CVE) |
| Related URL |
1770 (SecurityFocus) |
| Related URL |
5330 (ISS) |
|
