Plug and Play Web Server Directory Traversal Vulnerability

vendor:

Plug and Play Web Server

by:

Unknown

N/A

CVSS

MEDIUM

Directory Traversal

CWE

Product Name: Plug and Play Web Server

Affected Version From: Unknown

Affected Version To: Unknown

Patch Exists: NO

Related CWE: CVE-2003-1282

CPE: a:plug_and_play:web_server

Metasploit:

Other Scripts:

Platforms Tested: Unknown

Unknown

Plug and Play Web Server Directory Traversal Vulnerability

The Plug and Play Web Server is prone to a directory traversal issue that allows remote attackers to access files outside of the server root directory by using '../' or '..' character sequences. This vulnerability can be exploited by sending specially crafted requests to the server.

Mitigation:

To mitigate this vulnerability, it is recommended to update to a patched version of the Plug and Play Web Server. Additionally, it is advised to restrict access to the server and implement proper input validation to prevent directory traversal attacks.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/8645/info

It has been reported that Plug and Play Web Server is prone a directory traversal issue allowing a remote attacker to traverse outside the server root directory by using '../' or '..\' character sequences.

Successful exploitation of this vulnerablity may allow a remote attacker to gain access to sensitive information, which may be used to mount further attacks against a vulnerable system.

http://www.example.com/../../existing_file
http://www.example.com\..\..\existing_file
http://www.example.com/../../ [show the files and the folders in C drive - if the 'Show Directory list when homepage does not exist' option is active.]