Summary
It is possible to make the remote host return the content of any world-readable file by requesting, from the Snif program, a path outside the bound HTML root directory.
An attacker may use this flaw to view sensitive files that reside on the remote host.
Solution
Upgrade to Snif version 1.2.5 or newer.
Severity
Classification
- CVSS Base Score: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- AeroMail Cross Site Request Forgery, HTML Injection and Cross Site Scripting Vulnerabilities
- @Mail WebMail Email Body HTML Injection Vulnerability
- /doc directory browsable ?
- Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
- AfterLogic WebMail Pro Multiple Cross Site Scripting Vulnerabilities