VID | 22423
Severity | 30
Port | 80, ...
Protocol | TCP
Class | CGI
Detailed Description |
Easy File Sharing Web Server version 4.0 contains an information disclosure vulnerability. Easy File Sharing Web Server is file sharing software for Microsoft Windows platforms that allows visitors to upload and download files through a Web browser (IE, Mozilla, Netscape, etc.). Version 4.0, and possibly other versions, mishandles alternate data streams when running on an NTFS file system, which could allow a remote attacker to read arbitrary files under the web root by appending ::$DATA to the end of an HTTP GET request. A remote attacker could exploit this vulnerability to learn user and administrator login credentials, cryptographic keys and certificates, private messages, log files, and other sensitive information.
* References:
  http://secunia.com/advisories/22602/
  http://www.milw0rm.com/exploits/2690
* Platforms Affected:
  EFS Software, Inc., Easy File Sharing Web Server version 4.0 and earlier versions
  Microsoft Windows Any version
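A log check for the request pattern described above, added here as an example and not part of the original advisory or the vendor's software. It assumes access logs in Common Log Format and generalizes from the literal `::$DATA` suffix to any NTFS stream suffix (`name:stream:$TYPE`), including percent-encoded forms; the sample entries and all function names are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Common Log Format request line (the log format is an assumption).
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)
# NTFS stream suffix ending a path: "name::$DATA" or "name:stream:$TYPE".
STREAM_RE = re.compile(r':[^/\\:]*:\$[a-z_]+$', re.IGNORECASE)

def decode_path(target, max_rounds=3):
    """Drop query string and fragment, then undo up to max_rounds layers of percent-encoding."""
    path = target.split('?', 1)[0].split('#', 1)[0]
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path

def find_stream_requests(log_lines):
    """Return (client_ip, status, decoded_path) for requests whose path names an NTFS stream."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parseable request entry
        path = decode_path(m.group('target'))
        if STREAM_RE.search(path):
            hits.append((m.group('ip'), int(m.group('status')), path))
    return hits

# Constructed sample entries (documentation IP range, made-up file names).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Nov/2006:10:00:01 +0000] "GET /index.htm HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Nov/2006:10:00:07 +0000] "GET /notes.txt::$DATA HTTP/1.1" 200 734',
    '192.0.2.44 - - [01/Nov/2006:10:00:09 +0000] "GET /docs/report.txt%3A%3A%24data HTTP/1.1" 200 2048',
    '192.0.2.44 - - [01/Nov/2006:10:00:12 +0000] "GET /a.txt%253a%253a%2524DATA?x=1 HTTP/1.0" 404 0',
    '192.0.2.10 - - [01/Nov/2006:10:00:15 +0000] "GET /search?q=a::$DATA HTTP/1.1" 200 100',
]

if __name__ == '__main__':
    for ip, status, path in find_stream_requests(SAMPLE_LOG):
        print(f'{ip} status={status} path={path}')
```

A flagged request answered with status 200 is the case to review first, since the server returned content for the stream-qualified name.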
Recommendation |
Upgrade to the latest version of the Easy File Sharing Web Server (4.1 or later), available from the download site for the Easy File Sharing Web Server at http://www.sharing-file.com/download.htm
Related URL | CVE-2006-5714 (CVE)
Related URL | 20823 (SecurityFocus)
Related URL | 29925 (ISS)