Sambar Server ISAPI Search Utility search.dll Arbitrary Directory Listing

Medium severity, Nessus Plugin ID 10514

Synopsis

The remote web server is vulnerable to an information disclosure flaw.

Description

The 'search.dll' CGI that comes with Sambar Server can be used to obtain a listing of the remote web server's directories, even if they contain a default page such as index.html.

This allows an attacker to gain valuable information about the directory structure of the remote host and could reveal the presence of files that are not intended to be visible.

Solution

Disable the search.dll CGI, or upgrade to Sambar 4.4b4.

Plugin Details

Severity: Medium

ID: 10514

File Name: sambar_search_cgi.nasl

Version: 1.27

Type: remote

Family: CGI abuses

Published: 9/16/2000

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/a:sambar:sambar_server

Required KB Items: www/sambar

Exploit Ease: No exploit is required

Vulnerability Publication Date: 9/15/2000

Reference Information

CVE: CVE-2000-0835

BID: 1684