漏洞类别:Web server漏洞等级: 
漏洞信息
BearShare, a file-sharing program, contains a flaw that allows remote unauthorized users to use a variant of the ?dot-dot? attack to break out of the root directory used by BearShare. After breaking out of the root directory, the user can download any file on the system, and possibly gain sensitive information that could assist in further attacks against the host.
漏洞危害
By exploiting this vulnerability, a remote user can download any file on the system and possibly gather information that could be used to further compromise the system.
解决方案
Upgrade to BearShare Version 2.3.0, which is available on the Bearshare Web site
0day
文章评论