CVE-2003-1297

2006-03-1923:00:00

mitre

www.cve.org

file sharing web

access control

remote attackers

sensitive information

smtp account

server configuration

log files

AI Score

6.5

Confidence

Low

EPSS

0.004

Percentile

74.2%

JSON

Easy File Sharing (EFS) Web Server 1.2 stores the (1) option.ini (aka options.ini) file and (2) log directory under the web root with insufficient access control, which allows remote attackers to obtain sensitive information including an SMTP account username and password hash, the server configuration, and server log files.

References

archives.neohapsis.com/archives/bugtraq/2003-10/0083.html

www.osvdb.org/23794

www.osvdb.org/23795