Eserv Web Server /? Request Forced Directory Listing

medium Nessus Plugin ID 11656

Language:

Synopsis

The web server running on the remote host has an information disclosure vulnerability.

Description

The version of EServ running on the remote host is vulnerable to an information disclosure attack. Sending a specially crafted GET request returns a directory listing, even when an index file is present.

A remote attacker could use this information to mount further attacks against the system.

Solution

Upgrade to the latest version of EServ.

See Also

https://seclists.org/bugtraq/2003/May/255

Plugin Details

Severity: Medium

ID: 11656

File Name: eserv_dir_traversal.nasl

Version: 1.20

Type: remote

Family: Web Servers

Published: 5/27/2003

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

Exploit Available: true

Exploit Ease: No exploit is required

Reference Information

BID: 7669

Secunia: 8867