|
|
Family: CGI abuses --> Category: attack
myServer 0.4.3 / 0.7 Directory Traversal Vulnerability Vulnerability Scan
Vulnerability Scan Summary
Attempts to retrieve the path '/././..'
Detailed Explanation for this Vulnerability Test
This web server is running myServer <= 0.4.3 or 0.7. This version contains
a directory traversal vulnerability, that allows remote users with
no authentication to read files outside the webroot.
You have to create a dot-dot URL with the same number of '/./' and '/../'
+ 1. For example, you can use :
/././..
/./././../..
/././././../../..
/./././././../../../..
etc...
or a long URL starting with ./././. etc.
More information : http://www.securityfocus.com/archive/1/339145
Solution : Upgrade to myServer 0.7.1 or later
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|
