MyServer 0.4.3 / 0.7 Crafted Traversal Arbitrary File Access
Medium Nessus Plugin ID 11851
SynopsisThe remote web server is affected by an information disclosure vulnerability.
DescriptionThis web server is running MyServer <= 0.4.3 or 0.7. This version contains a directory traversal vulnerability, that allows remote users with no authentication to read files outside the webroot.
You have to create a dot-dot URL with the same number of '/./' and '/../' + 1.
SolutionUpgrade to MyServer 0.7.1 or later.