Summary
The Sambar webserver is running.
It provides a web interface for configuration purposes.
The admin user has no password and there are some other default users without passwords.
Everyone could set the HTTP-Root to c:\ and delete your files!
*** this may be a false positive - go to http://the_server/sysadmin/ and have a look at it by yourself
Solution
Change the passwords via the webinterface or use a real webserver like Apache.
Severity
Classification
-
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
Related Vulnerabilities
- Afian 'includer.php' Directory Traversal Vulnerability
- Apache CouchDB Cross Site Request Forgery Vulnerability
- Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
- Apache Archiva Multiple Vulnerabilities
- AdaptCMS Lite Cross Site Scripting and Remote File Include Vulnerabilities