| Essentia
Web Server Directory Traversal Vulnerability
Type Directory Traversal Release Date February 22, 2002 Product / Vendor The Essentia Web Server provides Enhanced Web Application and Communication Services. Whether you are setting up a simple Web Site on your Corporate Intranet or creating large sites for the Internet, Essentia provides a simple and flexible way to make an even stronger Web and Applications Platform. Summary Adding the string "/../" to an URL allows an attacker to view and download any file on the server. http://host/../../ Tested Windows 2000 / Essentia Web Server 2.1 Vulnerable Essentia Webserver 2.1 (And may be other.) Disclaimer http://www.securityoffice.net is not responsible for the misuse or illegal use of any of the information and/or the software listed on this security advisory. Author Tamer Sahin |