| VID |
22221 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
The MyServer Web server is vulnerable to directory traversal via "dot dot" sequences. MyServer is a freely available Web server for Microsoft Windows and Linux-based platforms. Versions 0.4.2 and 0.4.1 of MyServer allow requests to traverse directories outside the web root directory on the Web server. By sending a specially crafted URL containing URL-encoded "dot dot" sequences (/%2e%2e/), such as the following, a remote attacker can traverse directories and view arbitrary files and directories on the Web server.
http://[target_server]/%2e%2e/%2e%2e/%2e%2e
http://[target_server]/%2e%2e/%2e%2e/%2e%2e/boot.ini
* References: http://www.securiteam.com/securitynews/5EP0D1FAAA.html
* Platforms Affected: MyServer myServer 0.4.1, MyServer myServer 0.4.2 |
| Recommendation |
Upgrade to the latest version of MyServer (0.5 or later), available from the MyServer web site at http://sourceforge.net/project/showfiles.php?group_id=63119 |
| Related URL |
(CVE) |
| Related URL |
7944 (SecurityFocus) |
| Related URL |
12272 (ISS) |
|
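The check that the encoded "dot dot" requests above get past is path containment performed before percent-decoding. The following is an added example, not MyServer code: it decodes the request target first, rejects anything that climbs above the web root, and applies the same test to access-log lines. The web root path, function names and log lines are assumptions constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote

WEB_ROOT = "/srv/www"  # assumed document root (not from the advisory)

def resolve_request_path(target, web_root=WEB_ROOT):
    """Map a request target to a file path, or None if it leaves web_root."""
    path = target.split("?", 1)[0].split("#", 1)[0]
    # Decode percent-escapes BEFORE checking, so %2e%2e is seen as "..".
    # Backslash is also treated as a separator, as it is on Windows hosts.
    decoded = unquote(path).replace("\\", "/")
    if "\x00" in decoded:
        return None
    depth = 0
    for segment in decoded.split("/"):
        if segment in ("", "."):
            continue
        if segment == "..":
            depth -= 1
            if depth < 0:  # would climb above the web root
                return None
        else:
            depth += 1
    full = posixpath.normpath(posixpath.join(web_root, decoded.lstrip("/")))
    # Second, independent containment check on the canonical result.
    if full != web_root and not full.startswith(web_root + "/"):
        return None
    return full

REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')

def flag_traversal(log_lines):
    """Return request targets from access-log lines that escape the web root."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if m and resolve_request_path(m.group(1)) is None:
            hits.append(m.group(1))
    return hits

# Constructed sample access-log lines (not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2003:10:00:00 +0000] "GET /index.html HTTP/1.0" 200 512',
    '192.0.2.77 - - [01/Jan/2003:10:00:05 +0000] "GET /%2e%2e/%2e%2e/%2e%2e/boot.ini HTTP/1.0" 200 211',
    '192.0.2.10 - - [01/Jan/2003:10:00:09 +0000] "GET /docs/%2e%2e/index.html HTTP/1.0" 200 512',
]

if __name__ == "__main__":
    print(flag_traversal(SAMPLE_LOG))
```

A 200 response on a flagged line, as in the second sample, is the case worth following up on a host that ran an affected version.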