Acme.Serve 1.7 - Arbitrary File Access

ID EXPLOITPACK:615162886F2F12DE18D84453919EBACE
Type exploitpack
Reporter Adnan Rahman
Modified 2001-05-31T00:00:00




Acme.Serve is a free, open-source, embeddable webserver written in Java. It is small, is intended to provide minimal functionality, and is fully compatible with JavaServer.

Acme.Serve 1.7 comes with a webserver that listens on port 9090. This webserver allows clients to browse the filesystem. By default, this webserver is enabled and accessible by any remote host on the Internet.

An attacker who connects could view potentially sensitive information.

For example, requesting http://potentialvictim:9090//etc/shadow displays '/etc/shadow'.
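
A server meant to expose only a document root has to map every request path beneath that root and refuse anything that resolves outside it. The following is an added example of such a check, not Acme.Serve code: the class `DocRootResolver` and its methods are hypothetical, and the request path is assumed to be already URL-decoded.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.InvalidPathException;
import java.nio.file.Path;

// Added example: hypothetical helper, not part of Acme.Serve.
public class DocRootResolver {
    private final Path docRoot;

    public DocRootResolver(Path docRoot) throws IOException {
        // Canonicalise once so later comparisons use the real directory.
        this.docRoot = docRoot.toRealPath();
    }

    /** Maps a decoded URL path to a file under docRoot; null if it escapes. */
    public Path resolve(String urlPath) throws IOException {
        // Strip every leading slash so "//etc/shadow" becomes the relative
        // "etc/shadow" and can never be interpreted as an absolute path.
        String relative = urlPath.replaceFirst("^/+", "");
        Path candidate;
        try {
            candidate = docRoot.resolve(relative).normalize();
        } catch (InvalidPathException e) {
            return null; // e.g. embedded NUL byte
        }
        if (!candidate.startsWith(docRoot)) {
            return null; // "../" segments climbed out of the root
        }
        if (Files.exists(candidate)) {
            // Follow symlinks and re-check containment on the real location.
            Path real = candidate.toRealPath();
            return real.startsWith(docRoot) ? real : null;
        }
        return candidate; // inside the root but absent: caller answers 404
    }

    public static void main(String[] args) throws IOException {
        // Constructed document root and request paths for the demonstration.
        Path root = Files.createTempDirectory("docroot");
        Files.write(root.resolve("index.html"), "hello".getBytes());
        DocRootResolver resolver = new DocRootResolver(root);
        String[] requests = { "/index.html", "//etc/shadow", "/../../etc/shadow" };
        for (String req : requests) {
            Path p = resolver.resolve(req);
            System.out.println(req + " -> " + (p == null ? "rejected" : p));
        }
    }
}
```

With this mapping, `//etc/shadow` resolves to a non-existent `etc/shadow` under the document root rather than to the system file, and the `../` request is rejected.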