Sambar Server pagecount CGI Traversal Arbitrary File Overwrite

medium Nessus Plugin ID 10711

Synopsis

The remote host has an application that may allow arbitrary file overwrite.

Description

By default, Sambar Web Server ships with a pagecount script located at http://sambarserver/session/pagecount. This counter writes its temporary files in c:\sambardirectory\tmp.
Because the 'page' parameter is not checked against '../../' attacks, the script can be used to overwrite any file on the filesystem.
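
A detection check for the issue described above, as an added example that is not part of the original plugin or advisory: it scans web access logs for requests to /session/pagecount whose 'page' value contains a traversal segment, including percent-encoded and backslash forms. The Common Log Format input, the sample lines and all function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (Common Log Format); not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [21/Jul/2001:10:00:01 +0000] "GET /session/pagecount?page=index.htm HTTP/1.0" 200 12
192.0.2.11 - - [21/Jul/2001:10:00:05 +0000] "GET /session/pagecount?page=../../placeholder.txt HTTP/1.0" 200 12
192.0.2.12 - - [21/Jul/2001:10:00:09 +0000] "GET /session/pagecount?page=%2e%2e%5c%2e%2e%5cplaceholder.txt HTTP/1.0" 200 12
192.0.2.13 - - [21/Jul/2001:10:00:12 +0000] "GET /session/pagecount?page=%252e%252e%252fplaceholder.txt HTTP/1.0" 200 12
192.0.2.14 - - [21/Jul/2001:10:00:15 +0000] "GET /docs/readme.htm?page=../x HTTP/1.0" 200 512
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) [^"]*"')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded sequences are exposed."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(page):
    """True if the value has a '..' segment, is absolute, or names a drive."""
    normalized = fully_decode(page).replace("\\", "/")
    if normalized.startswith("/") or re.match(r"^[A-Za-z]:", normalized):
        return True
    return ".." in normalized.split("/")

def suspicious_pagecount_requests(log_text):
    """Return (client, once-decoded 'page' value) for traversing pagecount requests."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        url = urlsplit(target)
        if url.path.lower() != "/session/pagecount":
            continue
        for page in parse_qs(url.query, keep_blank_values=True).get("page", []):
            if is_traversal(page):
                hits.append((client, page))
    return hits

if __name__ == "__main__":
    print(suspicious_pagecount_requests(SAMPLE_LOG))
```

The same is_traversal predicate can serve as a reverse-proxy filter on hosts where the script cannot be removed immediately.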

Solution

Remove this script.

See Also

https://www.securityfocus.com/archive/1/199410

Plugin Details

Severity: Medium

ID: 10711

File Name: sambar_pagecount.nasl

Version: 1.28

Type: remote

Family: CGI abuses

Published: 7/29/2001

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Information

Required KB Items: www/sambar

Exploit Ease: No exploit is required

Vulnerability Publication Date: 7/21/2001

Reference Information

CVE: CVE-2001-1010

BID: 3091, 3092