SecurityOffice Security Advisory:// Essentia Web Server Directory Traversal Vulnerability

From: Tamer Sahin (tsat_private)
Date: Thu Feb 21 2002 - 15:29:31 PST

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    
    Essentia Web Server Directory Traversal Vulnerability
    
    Type:
    
    Directory Traversal
    
    Release Date:
    
    February 22, 2002
    
    Product / Vendor:
    
    The Essentia Web Server provides Enhanced Web Application and
    Communication Services. Whether you are setting up a simple Web Site
    on your Corporate Intranet or creating large sites for the Internet,
    Essentia provides a simple and flexible way to make an even stronger
    Web and Applications Platform. 
    
    http://www.essencomp.com/
    
    Summary:
    
    Adding the string "/../" to a URL allows an attacker to view and
    download any file on the server.
    
    http://host/../../
    
    Tested:
    
    Windows 2000 / Essentia Web Server 2.1
    
    Vulnerable:
    
    Essentia Webserver 2.1 (and maybe others)
    
    Disclaimer:
    
    http://www.securityoffice.net is not responsible for the misuse or
    illegal use of any of the information and/or the software listed on
    this security advisory.
    
    Author:
    
    Tamer Sahin
    tsat_private
    http://www.securityoffice.net
    
    Tamer Sahin
    http://www.securityoffice.net
    PGP Key ID: 0x2B5EDCB0
    
    -----BEGIN PGP SIGNATURE-----
    Version: PGP 7.1
    
    iQA+AwUBPHWC2ruLpFMrXtywEQIznACWIVpTJ1X6NQqoMEyywWaNV19BowCgmeQt
    at/GRkKMMQT1rGYMUK5RfGc=
    =0tV7
    -----END PGP SIGNATURE-----
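
The class of bug the advisory reports, shown from the defender's side as an added example that is not part of the original advisory or of Essentia's code: a request path joined naively onto the document root next to a resolver that decodes, normalizes and then confirms containment. The document root `/srv/www`, the function names and the sample request paths are constructed assumptions.

```python
import posixpath
from urllib.parse import unquote

DOCROOT = "/srv/www"  # constructed document root (assumption for this example)


def naive_resolve(url_path, docroot=DOCROOT):
    """Vulnerable pattern: the request path is joined onto the root unchecked."""
    return posixpath.normpath(docroot + "/" + url_path)


def safe_resolve(url_path, docroot=DOCROOT):
    """Return the file path for url_path, or None if it would leave docroot."""
    # Decode percent-escapes exactly once, before any checks, so "%2e%2e"
    # is judged in the same form the file system will see.
    decoded = unquote(url_path)
    # A Windows server accepts "\" as a separator too; treat it like "/".
    decoded = decoded.replace("\\", "/")
    if "\x00" in decoded:
        return None
    # Collapse "." and ".." segments, then verify the result is still inside
    # the root. Comparing against root + "/" avoids matching a sibling
    # directory such as /srv/www-private.
    root = posixpath.normpath(docroot)
    candidate = posixpath.normpath(posixpath.join(root, decoded.lstrip("/")))
    if candidate != root and not candidate.startswith(root + "/"):
        return None
    return candidate


if __name__ == "__main__":
    # Constructed sample requests.
    for path in ["/index.html", "/docs/../index.html", "/../../outside.txt",
                 "/%2e%2e/%2e%2e/outside.txt", "/..\\..\\outside.txt",
                 "/../www-private/notes.txt"]:
        print(f"{path!r:32} naive={naive_resolve(path)!r:28} "
              f"safe={safe_resolve(path)!r}")
```

On a real server the containment check should also run on the path after symbolic links are resolved, which this string-only sketch does not do.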
    


