Acme.Serve 1.7 - Arbitrary File Access

2001-05-31T00:00:00
ID EXPLOITPACK:615162886F2F12DE18D84453919EBACE
Type exploitpack
Reporter Adnan Rahman
Modified 2001-05-31T00:00:00

Description

Source: https://www.securityfocus.com/bid/2809/info

Acme.Serve is a free, open-source, embeddable webserver written in Java. It is small, is intended to provide minimal functionality, and is fully compatible with JavaServer.

Acme.Serve 1.7 comes with a webserver that listens on port 9090. This webserver allows clients to browse the filesystem. By default, this webserver is enabled and accessible by any remote host on the Internet.

An attacker who connects to this port could view possibly sensitive information.


For example, a request for http://potentialvictim:9090//etc/shadow is enough to view '/etc/shadow'.
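
For anyone embedding a small Java file server, the following added example (not code from Acme.Serve or from the advisory) confines request paths to a document root, so that a path such as '//etc/shadow' resolves inside the root or is refused. The advisory does not say how Acme.Serve maps URLs to files; the class name DocRootGuard, the naive() method and the single-slash-stripping flaw it illustrates are assumptions made for the comparison.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.InvalidPathException;
import java.nio.file.Path;

public class DocRootGuard {
    private final Path root;

    public DocRootGuard(Path docRoot) throws IOException {
        // Canonicalise once so every later check compares against the real directory.
        this.root = docRoot.toRealPath();
    }

    // Hypothetical flawed mapping: dropping one slash leaves "/etc/shadow",
    // and Path.resolve() returns an absolute argument unchanged.
    Path naive(String urlPath) {
        return root.resolve(urlPath.substring(1));
    }

    // Hardened mapping: returns a path under the root, or null to refuse.
    Path confined(String urlPath) {
        try {
            // Drop all leading slashes so the remainder is always relative.
            String rel = urlPath.replaceFirst("^/+", "");
            Path p = root.resolve(rel).normalize();
            // "../" sequences are collapsed above; the result must still be under the root.
            if (!p.startsWith(root)) return null;
            // Follow symlinks on existing files and re-check containment.
            if (Files.exists(p) && !p.toRealPath().startsWith(root)) return null;
            return p;
        } catch (InvalidPathException | IOException e) {
            return null; // malformed name or unreadable path: refuse
        }
    }

    public static void main(String[] args) throws IOException {
        Path tmp = Files.createTempDirectory("docroot"); // constructed document root
        Files.write(tmp.resolve("index.html"), "ok".getBytes());
        DocRootGuard g = new DocRootGuard(tmp);
        // Constructed request paths, including the one from the advisory.
        for (String u : new String[] {"/index.html", "//etc/shadow", "/../etc/shadow"}) {
            Path c = g.confined(u);
            System.out.println(u + "  naive=" + g.naive(u)
                    + "  confined=" + (c == null ? "refused" : c));
        }
    }
}
```

Binding the listener to the loopback interface or filtering port 9090 at the host firewall addresses the other half of the advisory, namely that the service is reachable by any remote host by default.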