| VID | 22222 |
| Severity | 30 |
| Port | 80, ... |
| Protocol | TCP |
| Class | WWW |
| Detailed Description |
The Plug and Play web server is vulnerable to directory traversal via dot-dot sequences. Plug and Play web server is a software package for building a website on Windows platforms. Version 1.0002c of Plug and Play allows traversal outside the server root directory by using '../' or '..\' character sequences. By sending a specially crafted URL request containing '../' or '..\' character sequences, as in the URL below, a remote attacker can gain read access to any file on the target system. This allows a remote attacker to gain access to sensitive information, which may be used to mount further attacks against the target system.
http://[target_server]/../../windows/win.ini
* References: http://www.securityfocus.com/archive/1/338090
* Platforms Affected: Plug and Play Web Server 1.0 002c |
| Recommendation | No patch is available for this vulnerability as of June 2014. |
| Related URL | (CVE) |
| Related URL | 8645 (SecurityFocus) |
| Related URL | (ISS) |
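
With no patch available, checking the web server's access log for requests whose '..' segments climb above the server root is one practical detection. The following is an added example, not part of the original advisory or the product: it assumes Common Log Format request lines (the sample lines are constructed) and, going slightly beyond the text, also normalises percent-encoded forms of the same '../' and '..\' sequences.

```python
import re
from urllib.parse import unquote

# Request line inside a Common Log Format entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def decode_fully(target, max_rounds=3):
    """Percent-decode repeatedly so double-encoded sequences are also seen."""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target

def escapes_root(target):
    """Return True if the path's '..' segments climb above the server root."""
    path = decode_fully(target.split("?", 1)[0]).replace("\\", "/")
    depth = 0
    for segment in path.split("/"):
        if segment in ("", "."):
            continue
        if segment == "..":
            depth -= 1
            if depth < 0:          # one more '..' than directories entered
                return True
        else:
            depth += 1
    return False

def flag_traversal(log_lines):
    """Return the log lines whose request target escapes the server root."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if m and escapes_root(m.group("target")):
            hits.append(line)
    return hits

# Constructed sample log lines (documentation IP range, not real traffic).
SAMPLE_LOG = [
    r'192.0.2.10 - - [01/Jun/2014:10:00:00 +0000] "GET /index.html HTTP/1.0" 200 512',
    r'192.0.2.11 - - [01/Jun/2014:10:00:05 +0000] "GET /../../windows/win.ini HTTP/1.0" 200 477',
    r'192.0.2.12 - - [01/Jun/2014:10:00:09 +0000] "GET /..\..\windows\win.ini HTTP/1.0" 200 477',
    r'192.0.2.13 - - [01/Jun/2014:10:00:12 +0000] "GET /%2e%2e/%2e%2e/windows/win.ini HTTP/1.0" 200 477',
    r'192.0.2.14 - - [01/Jun/2014:10:00:20 +0000] "GET /docs/../index.html HTTP/1.0" 200 512',
]
```

A 200 status on a flagged line, as in the constructed samples, is the case to triage first because it indicates the file was actually served.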