Requesting a specially formed url containing encoding (%2E) to SimpleServer 1.06 and possibley earlier versions, will enable a remote user to gain read access to known files above the SimpleServer directory.

vendor:

SimpleServer

by:

SecurityFocus

8,8

CVSS

HIGH

Directory Traversal

CWE

Product Name: SimpleServer

Affected Version From: 1.06

Affected Version To: 1.06

Patch Exists: YES

Related CWE: CVE-2001-0206

CPE: o:simplesoftware:simpleserver:1.06

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows, Linux, Mac

2001

Requesting a specially formed url containing encoding (%2E) to SimpleServer 1.06 and possibley earlier versions, will enable a remote user to gain read access to known files above the SimpleServer directory.

A directory traversal vulnerability exists in SimpleServer 1.06 and possibly earlier versions. By requesting a specially formed URL containing encoding (%2E) to the vulnerable server, a remote user can gain read access to known files above the SimpleServer directory.

Mitigation:

Upgrade to the latest version of SimpleServer.

Source

Requesting a specially formed url containing encoding (%2E) to SimpleServer 1.06 and possibley earlier versions, will enable a remote user to gain read access to known files above the SimpleServer directory.

Mitigation:

Exploit-DB raw data: