Michael Lamont Savant HTTP Server 2.1 - Directory Traversal
2001-02-17T00:00:00
ID EXPLOITPACK:44EA39E0FBCA07C45BAA190E8B29D219 Type exploitpack Reporter Tom Tom Modified 2001-02-17T00:00:00
Description
Michael Lamont Savant HTTP Server 2.1 - Directory Traversal
source: https://www.securityfocus.com/bid/2697/info
It is possible for an attacker to traverse the web folders of a Savant HTTP Server. Submitting a URL referring to a known directory or file, and appended with specific unicode characters, will disclose the contents of the requested resource. The unicode character in question is '%2f..'. This vulnerability could allow the reading of files on the target system.
http://example.com/%2f..%2f..%2f../filename
{"lastseen": "2020-04-01T19:04:31", "references": [], "description": "\nMichael Lamont Savant HTTP Server 2.1 - Directory Traversal", "edition": 1, "reporter": "Tom Tom", "exploitpack": {"type": "remote", "platform": "windows"}, "published": "2001-02-17T00:00:00", "title": "Michael Lamont Savant HTTP Server 2.1 - Directory Traversal", "type": "exploitpack", "enchantments": {"dependencies": {"references": [], "modified": "2020-04-01T19:04:31", "rev": 2}, "score": {"value": 0.1, "vector": "NONE", "modified": "2020-04-01T19:04:31", "rev": 2}, "vulnersScore": 0.1}, "bulletinFamily": "exploit", "cvelist": [], "modified": "2001-02-17T00:00:00", "id": "EXPLOITPACK:44EA39E0FBCA07C45BAA190E8B29D219", "href": "", "viewCount": 0, "sourceData": "source: https://www.securityfocus.com/bid/2697/info\n\nIt is possible for an attacker to traverse the web folders of a Savant HTTP Server. Submitting a URL referring to a known directory or file, and appended with specific unicode characters, will disclose the contents of the requested resource. The unicode character in question is '%2f..'. This vulnerability could allow the reading of files on the target system. \n\nhttp://example.com/%2f..%2f..%2f../filename", "cvss": {"score": 0.0, "vector": "NONE"}}