Eserv GET Request Traversal Arbitrary File Access
Medium Nessus Plugin ID 10063
SynopsisThe web server running on the remote host has a directory traversal vulnerability.
DescriptionThe version of Eserv running on the remote host is vulnerable to a directory traversal attack. It is possible to read arbitrary files on the server by prepending ../../ or ..\..\ in front of the file name. A remote attacker could exploit this to read arbitrary files on the server, which could be used to mount further attacks.
SolutionUpgrade to Eserv 2.99 or later.