MiniWebsvr GET Request Traversal Arbitrary File Access

This script is Copyright (C) 2008-2012 Tenable Network Security, Inc.


Synopsis :

The remote web server is affected by a directory traversal
vulnerability.

Description :

The remote host is running MiniWebsvr, a small web server.

The version of MiniWebsvr running on the remote host fails to sanitize
request strings of directory traversal sequences, which allows an
unauthenticated attacker to read files outside the web server's
document directory.

Solution :

Unknown at this time.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 4.8
(CVSS2#E:F/RL:U/RC:ND)
Public Exploit Available : true

Family: Web Servers

Nessus Plugin ID: 31345 ()

Bugtraq ID: 23413

CVE ID: