Summary
By default, there is a pagecount script with Sambar Web Server located at http://sambarserver/session/pagecount
This counter writes its temporary files in c:\sambardirectory\tmp.
It allows to overwrite any files on the filesystem since the 'page' parameter is not checked against '../../' attacks.
Reference : http://www.securityfocus.com/archive/1/199410
Solution
Remove this script
Severity
Classification
-
CVE CVE-2001-1010 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Apache mod_proxy_ajp Information Disclosure Vulnerability
- Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
- Aker Secure Mail Gateway Cross-Site Scripting Vulnerability
- Adobe ColdFusion Multiple Vulnerabilities-03 May-2014
- Adobe ColdFusion Unspecified Information Disclosure Vulnerability