漏洞类别:Web server漏洞等级: 
漏洞信息
LocalWEB2000 is an HTTP server designed for a small to medium sized Intranet environment. If you have the Version 1.1.0 of this sever, then it's possible for users to gain read access to any known file residing on the server. By submitting a specially crafted HTTP request composed of the known filename and appended with '../', LocalWEB2000 will disclose the file with read permissions.
漏洞危害
Successful exploitation of this vulnerability could result in the disclosure of sensitive information, which could aid in further attacks against the host.
解决方案
This vulnerability will be addressed in a future release of LocalWEB2000. You can download the latest version from theLocalWEB2000 Download page.
0day
文章评论