Home page logo
/

bugtraq logo Bugtraq mailing list archives

SecurityOffice Security Advisory:// Essentia Web Server Directory Traversal Vulnerability
From: "Tamer Sahin" <ts () securityoffice net>
Date: Fri, 22 Feb 2002 01:29:31 +0200

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Essentia Web Server Directory Traversal Vulnerability

Type:

Directory Traversal

Release Date:

February 22, 2002

Product / Vendor:

The Essentia Web Server provides Enhanced Web Application and
Communication Services. Whether you are setting up a simple Web Site
on your Corporate Intranet or creating large sites for the Internet,
Essentia provides a simple and flexible way to make an even stronger
Web and Applications Platform. 

http://www.essencomp.com/

Summary:

Adding the string "/../" to an URL allows an attacker to view and
download any file on the server.

http://host/../../

Tested:

Windows 2000 / Essentia Web Server 2.1

Vulnerable:

Essentia Webserver 2.1 (And may be other.)

Disclaimer:

http://www.securityoffice.net is not responsible for the misuse or
illegal use of any of the information and/or the software listed on
this security advisory.

Author:

Tamer Sahin
ts () securityoffice net
http://www.securityoffice.net

Tamer Sahin
http://www.securityoffice.net
PGP Key ID: 0x2B5EDCB0

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1

iQA+AwUBPHWC2ruLpFMrXtywEQIznACWIVpTJ1X6NQqoMEyywWaNV19BowCgmeQt
at/GRkKMMQT1rGYMUK5RfGc=
=0tV7
-----END PGP SIGNATURE-----





  By Date           By Thread  

Current thread:
  • SecurityOffice Security Advisory:// Essentia Web Server Directory Traversal Vulnerability Tamer Sahin (Feb 22)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault