Detections
Analytics

Microsoft Personal Web Server Multiple Dot Request Arbitrary File Access

medium Nessus Plugin ID 10142

Synopsis

The remote web server is affected by an information disclosure vulnerability.

Description

It is possible to read any file on the remote system by prepending several dots before the file name.

Solution

There is no known solution at this time.

See Also

http://support.microsoft.com/default.aspx?scid=kb;[LN];217763

https://marc.info/?l=bugtraq&m=91668256428214&w=2

Plugin Details

Severity: Medium

ID: 10142

File Name: mspws_dotdotdot.nasl

Version: 1.30

Type: remote

Family: CGI abuses

Published: 6/22/1999

Updated: 1/19/2021

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

Required KB Items: Settings/ParanoidReport

Vulnerability Publication Date: 1/17/1996

Reference Information

CVE: CVE-1999-0386