Vendor: Eserv
By: SecurityFocus
CVSS: 7.5 (HIGH)
CWE: 22 (Directory Traversal)
Product Name: Eserv
Affected Version From: Eserv 2.2
Affected Version To: Eserv 2.2
Patch Exists: YES
Related CWE: CVE-2001-0206
CPE: a:etype:eserv
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2001

Etype’s Eserv Directory Traversal Vulnerability

Etype's Eserv product is vulnerable to a directory traversal attack, which allows an attacker to access any file on the server's filesystem that the webserver has access to. This is done by using a URL containing "../" strings, such as http://victim.com/../../../autoexec.bat.

Mitigation:

Upgrade to the latest version of Etype's Eserv product.
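
For servers that map URLs to files themselves, the check below rejects the traversal described above. It is an added example, not Eserv's code or the vendor's patch; the document root `C:\eserv\wwwroot`, the names `resolve_request` and `rejected`, and every sample request other than the page's own URL are assumptions. It also covers percent-encoded and backslash forms, which go beyond the single URL the page shows.

```python
import ntpath
from urllib.parse import unquote, urlsplit

# Assumed document root for illustration; Eserv's real layout is not given on the page.
DOCROOT = r"C:\eserv\wwwroot"


def resolve_request(url, docroot=DOCROOT):
    """Return the canonical Windows path a request maps to, or None if it leaves docroot."""
    # Decode once, as the server would, so %2e%2e is seen as ".." before checking.
    decoded = unquote(urlsplit(url).path)
    # NUL bytes and ':' (drive letters, alternate data streams) never belong in a web path.
    if "\x00" in decoded or ":" in decoded:
        return None
    # Treat both separators alike and make the path relative to the root.
    relative = decoded.replace("/", "\\").lstrip("\\")
    # Collapse "." and ".." only after joining, then compare canonical forms.
    candidate = ntpath.normcase(ntpath.normpath(ntpath.join(docroot, relative)))
    root = ntpath.normcase(ntpath.normpath(docroot))
    # The trailing separator stops C:\eserv\wwwroot-old from passing as a prefix match.
    if candidate == root or candidate.startswith(root + "\\"):
        return candidate
    return None


# Constructed requests; only the first is the URL quoted on this page.
SAMPLES = [
    "http://victim.com/../../../autoexec.bat",
    "http://victim.com/index.html",
    "http://victim.com/docs/../index.html",
    "http://victim.com/%2e%2e/%2e%2e/autoexec.bat",
    "http://victim.com/..\\..\\autoexec.bat",
    "http://victim.com/../wwwroot-old/x.txt",
]


def rejected(urls):
    """Return the requests that resolve outside the document root."""
    return [u for u in urls if resolve_request(u) is None]


if __name__ == "__main__":
    for u in SAMPLES:
        print(u, "->", resolve_request(u) or "REJECTED")
```

The comparison is made on the canonical path after joining, so a request that uses `..` but stays inside the root (the third sample) is still served.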
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/773/info

Etype's Eserv product is designed to be a one-source internet connectivity solution, incorporating mail, web, ftp, and proxy servers into one package. The web server will allow remote browsing of the entire filesystem by the usage of ../ strings in the URL. This gives an attacker read access to every file on the server's filesystem that the webserver has access to. 

http://victim.com/../../../autoexec.bat