| VID |
21197 |
| Severity |
20 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The "search.dll" CGI which comes with Sambar server can be used to obtain a listing of the remote web server directories even if they have a default page such as index.html.
This allows an attacker to gain valuable information about the directory structure of the remote host and could reveal the presence of files which are not intended to be visible. |
| Recommendation |
Disable the search.dll CGI, or upgrade to Sambar 4.4b4. |
| Related URL |
CVE-2000-0835 (CVE) |
| Related URL |
1684 (SecurityFocus) |
| Related URL |
5247 (ISS) |
|
