header-logo
Suggest Exploit
vendor:
Web Server
by:
SecurityFocus
7.5
CVSS
HIGH
Path Disclosure
22
CWE
Product Name: Web Server
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

Snowblind Web Server Path Disclosure Vulnerability

Snowblind Web Server does not perform correct access validation on client requested paths which include '../' character sequences. An attacker may exploit this vulnerability to view files outside of the web root directory.

Mitigation:

Ensure that the web server is configured to properly validate user input and restrict access to sensitive files.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/7618/info

It has been announced that Snowblind Web Server is vulnerable to a condition that may result in the disclosure of potentially sensitive information.

According to the report, Snowblind Web Server does not perform correct access validation on client requested paths which include "../" character sequences.

http://www.example.com/../../windows/system.ini
http://www.example.com/internal.sws?../../windows/system.ini

Navigation

Suggest Exploit

Services By CQR