CVE-2004-2565

Name of the Vulnerable Software and Affected Versions Sambar Server version 6.1 Beta 2

Description The issue allows remote authenticated users to read arbitrary files due to multiple directory traversal vulnerabilities. This can be achieved by exploiting the file parameter in "showini.asp" with a ".." (dot dot backslash) or by using an absolute path with a drive letter in the log parameter to "showlog.asp".

Recommendations For Sambar Server version 6.1 Beta 2, consider restricting access to the showini.asp and showlog.asp pages until a patch is available. As a temporary workaround, avoid using the file parameter in "showini.asp" and the log parameter in "showlog.asp" with untrusted input.