Web Server Directory Traversal Arbitrary File Access
Critical Nessus Plugin ID 10297
SynopsisThe remote web server is affected by a directory traversal vulnerability.
DescriptionIt appears possible to read arbitrary files on the remote host outside the web server's document directory using a specially crafted URL. An unauthenticated attacker may be able to exploit this issue to access sensitive information to aide in subsequent attacks.
Note that this plugin is not limited to testing for known vulnerabilities in a specific set of web servers. Instead, it attempts a variety of generic directory traversal attacks and considers a product to be vulnerable simply if it finds evidence of the contents of '/etc/passwd' or a Windows 'win.ini' file in the response. It may, in fact, uncover 'new' issues, that have yet to be reported to the product's vendor.
SolutionContact the vendor for an update, use a different product, or disable the service altogether.