Eserv Web Server /? Request Forced Directory Listing

Medium Nessus Plugin ID 11656


The web server running on the remote host has an information disclosure vulnerability.


The version of EServ running on the remote host is vulnerable to an information disclosure attack. Sending a specially crafted GET request returns a directory listing, even when an index file is present.

A remote attacker could use this information to mount further attacks against the system.


Upgrade to the latest version of EServ.

See Also

Plugin Details

Severity: Medium

ID: 11656

File Name: eserv_dir_traversal.nasl

Version: $Revision: 1.17 $

Type: remote

Family: Web Servers

Published: 2003/05/27

Modified: 2016/11/15

Dependencies: 10107, 17975, 10386

Risk Information

Risk Factor: Medium


Base Score: 5

Temporal Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:H/RL:U/RC:ND

Vulnerability Information

Exploit Available: true

Exploit Ease: No exploit is required

Reference Information

BID: 7669

OSVDB: 57668

Secunia: 8867