PT-2004-3408 · Myserver · Myserver
Published
2004-12-31
·
Updated
2017-07-11
·
CVE-2004-2516
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
myServer version 0.7
Description
A directory traversal issue allows remote attackers to list arbitrary directories by sending an HTTP GET command with a sequence of "./" and "../" in the request.
Recommendations
For myServer version 0.7, consider restricting access to sensitive directories until a patch is available. As a temporary workaround, limiting the handling of "../" sequences in HTTP GET requests may help minimize the risk of exploitation.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Myserver