MiniWebsvr GET Request Traversal Arbitrary File Access

medium Nessus Plugin ID 31345

Synopsis

The remote web server is affected by a directory traversal vulnerability.

Description

The remote host is running MiniWebsvr, a small web server.

The version of MiniWebsvr running on the remote host fails to remove directory traversal sequences from request strings, which allows an unauthenticated attacker to read files outside the web server's document directory.

Solution

Unknown at this time.

Plugin Details

Severity: Medium

ID: 31345

File Name: miniwebsvr_dir_traversal.nasl

Version: 1.15

Type: remote

Family: Web Servers

Published: 3/4/2008

Updated: 8/8/2018

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Reference Information

BID: 23413