header-logo
Suggest Exploit
vendor:
Acme.Serve
by:
SecurityFocus
7.5
CVSS
HIGH
Remote Filesystem Browsing
22
CWE
Product Name: Acme.Serve
Affected Version From: 1.7
Affected Version To: 1.7
Patch Exists: No
Related CWE: N/A
CPE: a:acme:acme.serve
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

Acme.Serve 1.7 Remote Filesystem Browsing Vulnerability

Acme.Serve 1.7 comes with a webserver that listens on port 9090. This webserver allows clients to browse the filesystem. By default, this webserver is enabled and accessible by any remote host on the Internet. If an attacker were to connect, they could view possibly sensitive information, such as '/etc/shadow' by connecting to http://potentialvictim:9090//etc/shadow.

Mitigation:

Disable the webserver or restrict access to it.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/2809/info

Acme.Serve is a free, open-source, embeddable webserver written in Java. It is small, is intended to provide minimal functionality, and is fully compatible with JavaServer.

Acme.Serve 1.7 comes with a webserver that listens on port 9090. This webserver allows clients to browse the filesystem. By default, this webserver is enabled and accessible by any remote host on the Internet.

If an attacker were to connect, they could view possibly sensitive information.


http://potentialvictim:9090//etc/shadow to view '/etc/shadow'.

Navigation

Suggest Exploit

Services By CQR