header-logo
Suggest Exploit
vendor:
WebServer
by:
SecurityFocus
8.3
CVSS
HIGH
Directory Traversal
22
CWE
Product Name: WebServer
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: YES
Related CWE: CVE-2003-0252
CPE: a:cis:webserver
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Unknown
2003

CIS WebServer Directory Traversal Vulnerability

CIS WebServer is vulnerable to a directory traversal attack, which allows an attacker to gain read access to files on a host using the vulnerable software. This is done by sending a specially crafted request containing directory traversal strings, such as "../../../windows/repair/sam".

Mitigation:

Upgrade to the latest version of CIS WebServer.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/12662/info

A vulnerability has been identified in the handling of certain types of requests by CIS WebServer. Because of this, it is possible for an attacker to gain access to potentially sensitive system files.

The problem is in the handling of directory traversal strings. This issue could be exploited to gain read access to files on a host using the vulnerable software. 

http://www.example.com/../../../windows/repair/sam

Navigation

Suggest Exploit

Services By CQR