Sambar Webserver Pagecount Hole Network Vulnerability

Summary

By default, there is a pagecount script with Sambar Web Server located at http://sambarserver/session/pagecount This counter writes its temporary files in c:\sambardirectory\tmp. It allows to overwrite any files on the filesystem since the 'page' parameter is not checked against '../../' attacks. Reference : http://www.securityfocus.com/archive/1/199410

Solution

Remove this script

Severity

Classification

CVE CVE-2001-1010

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
Apache Tomcat cal2.jsp Cross Site Scripting Vulnerability
Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
Apache Tiles Multiple XSS Vulnerability
Annuaire PHP 'sites_inscription.php' Cross Site Scripting Vulnerability

Sambar webserver pagecount hole

Take action and discover your vulnerabilities