This script is Copyright (C) 1999-2016 Tenable Network Security, Inc.
The remote web server is affected by a directory traversal
It appears possible to read arbitrary files on the remote host outside
the web server's document directory using a specially crafted URL. An
unauthenticated attacker may be able to exploit this issue to access
sensitive information to aide in subsequent attacks.
Note that this plugin is not limited to testing for known
vulnerabilities in a specific set of web servers. Instead, it attempts
a variety of generic directory traversal attacks and considers a
product to be vulnerable simply if it finds evidence of the contents
of '/etc/passwd' or a Windows 'win.ini' file in the response. It may,
in fact, uncover 'new' issues, that have yet to be reported to the
Contact the vendor for an update, use a different product, or disable
the service altogether.
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 3.9
Public Exploit Available : true
Family: Web Servers
Nessus Plugin ID: 10297 ()
Bugtraq ID: 1770730873627378754477152658332412400534013340680432304325843356433584383044393445644458645599456034776047842479874811448926512865131151399523275238452541568715714357313587946738970760
CVE ID: CVE-2000-0920CVE-2007-6483CVE-2008-5315CVE-2010-1571CVE-2010-3459CVE-2010-3460CVE-2010-3487CVE-2010-3488CVE-2010-3743CVE-2010-4181CVE-2011-1900CVE-2011-2524CVE-2011-4788CVE-2012-0697CVE-2012-1464CVE-2012-5100CVE-2012-5335CVE-2012-5344CVE-2012-5641CVE-2013-2619CVE-2013-3304CVE-2014-3744
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.