Family: CGI abuses --> Category: infos
Sambar webserver pagecount hole Vulnerability Scan
Vulnerability Scan Summary
Make a request like http://www.example.com/session/pagecount
Detailed Explanation for this Vulnerability Test
By default, Sambar Web Server ships with a pagecount script
located at http://sambarserver/session/pagecount
This counter writes its temporary files in c:\sambardirectory\tmp.
Because the 'page' parameter is not checked against '../../'
directory traversal sequences, the script allows any file on the
filesystem to be overwritten.
Reference : http://www.securityfocus.com/archive/1/199410
Threat Level: High
Solution : Remove this script