Accipiter DirectServer 6.0 - Remote File Disclosure
| EKU-ID: 28973 | CVE: CVE-2004-0072;OSVDB-3433 | OSVDB-ID: |
| Author: Mark Bassett | Published: 2004-01-09 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 28973 | CVE: CVE-2004-0072;OSVDB-3433 | OSVDB-ID: |
| Author: Mark Bassett | Published: 2004-01-09 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/9389/info This vulnerability may allow and attacker to gain access to files that reside outside of the web root directory using a specially crafted URI that contains URL-encoded variations of directory traversal sequences. This issue has been reported to affect Windows variants of the software. It is not known if other versions are also affected. http://www.example.com/%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cboot.ini