vendor: Web Server 3.x Examples Toolkit v.2
by: SecurityFocus
CVSS: 4.3 (MEDIUM)
Directory Traversal
CWE: 22
Product Name: Web Server 3.x Examples Toolkit v.2
Affected Version From: 3.x
Affected Version To: 3.x
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

Novell Web Server 3.x Examples Toolkit v.2

Novell Web Server 3.x Examples Toolkit v.2 is a package containing example scripts and HTML files to help administrators design web sites. It is not a supported Novell product and is provided solely as a convenience to the user. The toolkit contained a script called 'FILES.PL' that a remote attacker could use to view the contents of files or directories on the server by passing the parameter 'file=<file-or-directory-to-view>' to the script. An attacker could gain information useful in conducting subsequent attacks, or retrieve personal or proprietary information.

Mitigation:

Ensure that the web server is configured to only allow access to the necessary files and directories.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/2076/info

Novell Web Server 3.x Examples Toolkit v.2 is a package containing example scripts and HTML files to help administrators design web sites. It is not a supported Novell product and is provided solely as a convenience to the user. The toolkit contained a script called "FILES.PL" that could be used to view the contents of files or directories on the server by a remote attacker. This is done by passing the parameter "file=<file-or-directory-to-view>" to the script. An attacker could gain information useful in conducting subsequent attacks, or retrieve personal or proprietary information.

http://victim.host/perl/files.pl?file=sys:system/autoexec.ncf
http://victim.host/perl/files.pl?file=sys:etc/ldremote.ncf
http://victim.host/perl/files.pl?file=vol2:apps/accounting/payroll.doc
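
A log check for the request pattern described above, added here as an example and not part of the original advisory. It assumes Common Log Format access logs; the sample lines, client addresses and function names are constructed for illustration, while the script path and the "file" parameter come from the advisory.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: access logs are in Common Log Format.
REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+" (\d{3})')
# "volume:path" form, as in the advisory's sys:system/autoexec.ncf
VOLUME_RE = re.compile(r'^[^/\\:]+:')

# Constructed sample lines (documentation-range client addresses).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Dec/2000:10:01:02 +0000] '
    '"GET /perl/files.pl?file=sys:system/autoexec.ncf HTTP/1.0" 200 512',
    '192.0.2.10 - - [12/Dec/2000:10:01:09 +0000] '
    '"GET /PERL/FILES.PL?FILE=sys%3Aetc/ldremote.ncf HTTP/1.0" 404 0',
    '198.51.100.7 - - [12/Dec/2000:10:02:00 +0000] "GET /index.htm HTTP/1.0" 200 1024',
    '198.51.100.7 - - [12/Dec/2000:10:02:05 +0000] "GET /perl/files.pl HTTP/1.0" 200 300',
]

def inspect_line(line):
    """Return a finding for a files.pl request that carries file=, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    parts = urlsplit(m.group(1))
    # Compare case-insensitively so case variants of script and parameter are not missed.
    if not parts.path.lower().endswith("/files.pl"):
        return None
    query = parse_qs(parts.query, keep_blank_values=True)  # also percent-decodes
    requested = [v for k, vs in query.items() if k.lower() == "file" for v in vs]
    if not requested:
        return None
    name = requested[0]
    return {
        "client": line.split(" ", 1)[0],
        "file": name,
        "volume_qualified": bool(VOLUME_RE.match(name)),
        "dot_dot": ".." in name.replace("\\", "/").split("/"),
        "served": 200 <= int(m.group(2)) < 300,
    }

def scan(lines):
    """Collect findings for every matching line."""
    return [f for f in map(inspect_line, lines) if f]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A finding with "served" set to true means the server answered the request with a 2xx status, so the named file should be treated as disclosed.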