Eserv GET Request Traversal Arbitrary File Access

Medium Nessus Plugin ID 10063


The web server running on the remote host has a directory traversal vulnerability.


The version of Eserv running on the remote host is vulnerable to a directory traversal attack. It is possible to read arbitrary files on the server by prepending ../../ or ..\..\ in front of the file name. A remote attacker could exploit this to read arbitrary files on the server, which could be used to mount further attacks.


Upgrade to Eserv 2.99 or later.

See Also

Plugin Details

Severity: Medium

ID: 10063

File Name: eserv.nasl

Version: $Revision: 1.34 $

Type: remote

Family: Web Servers

Published: 1999/11/05

Modified: 2011/03/11

Dependencies: 10107

Risk Information

Risk Factor: Medium


Base Score: 5

Temporal Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:H/RL:U/RC:ND

Vulnerability Information

Vulnerability Publication Date: 1999/11/05

Reference Information

CVE: CVE-1999-1509

BID: 773