漏洞类别:Web server漏洞等级: 
漏洞信息
ServerWorx is a Web server by SoftLite.
In Version 3.0, it's possible for unauthorized remote users to gain read access to directories outside the root directory. Requesting a specially crafted URL composed of "../" or ".../" sequences to a host running ServerWorx will disclose an arbitrary directory. Unauthorized users can exploit this vulnerability to gain read access to various files residing on the target host.
漏洞危害
Successful exploitation of this vulnerability may lead to the disclosure of sensitive information, which may be used to implement further attacks against the host.
解决方案
Upgrade to the latest version of ServerWorx (5.0 or later), which is available for download from SoftLite's Web site. Note that ServerWorx is now integrated with ScriptWorx.
0day
文章评论