Easy File Sharing Web Server obtain information
| easyfilesharing-obtain-info (17109) |  Medium Risk |
Description:
Easy File Sharing Web Server could allow a remote attacker to obtain sensitive information. By sending a specially-crafted URL request containing the virtual folder name of the C: drive, a remote attacker could view contents on the hard drive.
Platforms Affected:
- EFS Software, Easy File Sharing Web Server 1.25
Remedy:
No remedy available as of July 4, 2009.
Consequences:
Obtain Information
References:
- GulfTech Research and Development Team, Easy File Sharing Webserver v1.25 Vulnerabilities at http://www.gulftech.org/?node=research&article_id=00045-08242004.
- BID-11034: Easy File Sharing Web Server Access Control Bypass Vulnerability
- CVE-2004-1743: Easy File Sharing (EFS) Webserver 1.25 allows remote attackers to view arbitrary files via an HTTP request for the disk_c virtual folder.
- SA12372: Easy File Sharing Web Server Exposure of Sensitive Information
- SECTRACK ID: 1011045: Easy File Sharing Web Server Discloses All Files on the Disk to Remote Users
Reported:
Aug 24, 2004
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net