| VID |
22316 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
The Easy File Sharing Web Server is vulnerable to an access control bypass vulnerability. Easy File Sharing Web Server is a file sharing software for Microsoft Windows platforms that allows visitors to upload/download files easily through a Web Browser (IE, Mozilla, Netscape etc.). Easy File Sharing Web Server versions 1.2 and 1.25 have an access control bypass vulnerability. By sending a request for the name of a virtual folder on the Web Server (e.g., /disk_c), a remote attacker could view contents on the hard drive.
* References:
http://www.securityfocus.com/archive/1/372840
http://www.securitytracker.com/alerts/2004/Aug/1011045.html
http://www.gulftech.org/?node=research&article_id=00045-08242004
* Platforms Affected:
EFS Software Inc., Easy File Sharing Web Server 1.2
EFS Software Inc., Easy File Sharing Web Server 1.25
Microsoft Windows Any version |
| Recommendation |
Upgrade to the latest version of the Easy File Sharing Web Server (2.6 or later), available from the Download Web site for the the Easy File Sharing Web Server at http://www.sharing-file.com/download.htm |
| Related URL |
CVE-2004-1743 (CVE) |
| Related URL |
11034 (SecurityFocus) |
| Related URL |
17109 (ISS) |
|
