Summary
The Sambar web server is running.
It provides a web interface for configuration purposes.
The admin user has no password, and some other default users also have no password.
Anyone could set the HTTP root to c:\ and delete your files!
*** This may be a false positive: go to http://the_server/sysadmin/ and check it yourself.
Solution
Change the passwords via the web interface or use a real web server like Apache.
Severity
Classification
-
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
Related Vulnerabilities
- Apache Struts2/XWork Remote Command Execution Vulnerability
- AdaptCMS Lite Cross Site Scripting and Remote File Include Vulnerabilities
- Apache Archiva Home Page Cross-Site Scripting vulnerability
- AfterLogic WebMail Pro Multiple Cross Site Scripting Vulnerabilities
- Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability