| VID |
22376 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
The vqServer web server, according to its banner, has a directory traversal vulnerability. vqSoft's vqServer web server version 1.9.9 and possibly other versions could allow a remote attacker to view files residing outside of the Web root. By sending a specially-crafted URL containing "dot dot dot" sequences (/......./), a remote attacker could read arbitrary files outside of the web root directory with the privileges of the Web service.
* Note: This check solely relied on the banner of the remote HTTP server to assess this vulnerability, so this might be a false positive.
* References:
http://archives.neohapsis.com/archives/bugtraq/2000-03/0226.html
http://www.securiteam.com/windowsntfocus/2SUQ5QASBQ.html
* Platforms Affected:
vqSoft, vqServer version 1.9.9 and possibly other versions
Microsoft Windows Any version |
| Recommendation |
Upgrade to the latest version of vqServer (1.9.31 or later), available from the vqServer Download Page at http://www.vqsoft.com/vq/server/dl.html |
| Related URL |
CVE-2000-0240 (CVE) |
| Related URL |
1067 (SecurityFocus) |
| Related URL |
4153 (ISS) |
|
