header-logo
Suggest Exploit
vendor:
N/A
by:
SecurityFocus
7.5
CVSS
HIGH
Directory Traversal
22
CWE
Product Name: N/A
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

FSO Vulnerability in ASP

The File System Object (FSO) may be called from an Active Server Page (ASP) to display files that exist outside of the web server's root directory. An example of this syntax would be: http://www.server.foo/showfile.asp?file=../../global.asa. This vulnerability could be used to view the source code of ASP files or stream data into other ASP files on the web server.

Mitigation:

Ensure that the web server is configured to deny access to files outside of the web root directory.
Source

Exploit-DB raw data: