Summary
This web server is running myServer <= 0.4.3 or 0.7. This version contains a directory traversal vulnerability, that allows remote users with no authentication to read files outside the webroot.
You have to create a dot-dot URL with the same number of '/./' and '/../' + 1. For example, you can use :
/././..
/./././../..
/././././../../..
/./././././../../../..
etc...
or a long URL starting with ./././. etc.
More information : http://www.securityfocus.com/archive/1/339145
Solution
Upgrade to myServer 0.7.1 or later
Severity
Classification
-
CVE CVE-2004-2516 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities