Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

CIS3513.txt

🗓️ 28 Feb 2005 00:00:00Reported by CorryLType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 16 Views

CIS WebServer allows remote file access via directory traversal vulnerability, no patch available.

Show more
Code
`-=[ x0n3-h4ck Italian Security Team ]=-  
  
/*Advisories*\  
  
/*  
  
Application: CIS WebServer  
  
Vendor's Url: www.cisindia.net  
  
Version: 3.5.13  
  
Platforms: Windows  
  
Bug: Directory Traversal  
  
Exploitation: Remote  
  
Author: CorryL  
  
[email protected]  
  
www.x0n3-h4ck.org  
  
*\  
  
  
  
{Description}  
  
CIS WebServer is an easy http server, A remote user can obtain files on the  
system that are located outside of  
the web document directory.  
  
  
{Bug}  
  
http://victimhost/../../../windows/repair/sam  
  
A remote user succeds to read the file sam of the system where CIS WebServer  
is running  
  
  
  
{Vendor Status}  
  
20/02/2005 Vendor notification  
  
21/02/2005 Vendor Response  
  
25/02/2005 No patch relase from vendor  
  
25/02/2005 Public disclousure  
  
{Fix}  
  
Waiting for an official patch  
  
  
  
  
  
  
  
  
  
_________________________________  
www.seekstat.it is your web stat  
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
28 Feb 2005 00:00Current
7.4High risk
Vulners AI Score7.4
cis webserverremote accessdirectory traversalwindows platformvendor notificationpublic disclosure.
16
.json
Report