StarOffice StarScheduler Arbitrary File Read Vulnerability


Vulnerability ID: 1105741
Vulnerability type: Input validation
Published: 2000-03-09
Updated: 2005-05-02
CVE ID: CVE-2000-0174
CNNVD-ID: CNNVD-200003-018
Platform: Unix
CVSS score: 5.0
|Vulnerability source
https://www.exploit-db.com/exploits/19797
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200003-018
|Vulnerability details
The StarOffice StarScheduler web server contains a vulnerability. A remote attacker can read arbitrary files via a .. (dot dot) attack.
|Exploit
source: http://www.securityfocus.com/bid/1040/info

StarOffice is a desktop office suite offered by Sun Microsystems. StarScheduler is a groupware server that ships with StarOffice and includes a webserver that runs as root by default. When a request is sent to the webserver for a document, the StarScheduler httpd will follow "../" paths if provided. As a result, exploiting this allows an attacker to view any file on the target system (the server runs as root), including files such as /etc/shadow.

http://starscheduler_server:801/../../../../etc/shadow
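
An added example, not part of the original advisory and not StarScheduler's code: a document-root containment check of the kind the description says the httpd lacked, run against the request path shown above. The function names and the temporary document root are assumptions made for illustration.

```python
import os
import tempfile
from urllib.parse import unquote, urlsplit


class TraversalError(Exception):
    """Raised when a request path resolves outside the document root."""


def resolve_in_docroot(docroot: str, request_target: str) -> str:
    """Map an HTTP request target to a file path confined to docroot."""
    # Keep only the path component and percent-decode it first, so the
    # containment check sees the same name the filesystem will see.
    path = unquote(urlsplit(request_target).path)
    if "\x00" in path:
        raise TraversalError("NUL byte in path")
    root = os.path.realpath(docroot)
    # lstrip("/") stops os.path.join from discarding root for absolute paths.
    candidate = os.path.realpath(os.path.join(root, path.lstrip("/")))
    # realpath collapses "../" and follows symlinks; the result must still
    # be located under the document root.
    if os.path.commonpath([root, candidate]) != root:
        raise TraversalError(f"{request_target!r} escapes {root!r}")
    return candidate


def is_blocked(docroot: str, request_target: str) -> bool:
    """Return True when the request would leave the document root."""
    try:
        resolve_in_docroot(docroot, request_target)
        return False
    except TraversalError:
        return True


def demo() -> dict:
    # Constructed document root holding a single servable file.
    with tempfile.TemporaryDirectory() as docroot:
        with open(os.path.join(docroot, "index.html"), "w") as fh:
            fh.write("ok")
        return {
            "index": is_blocked(docroot, "/index.html"),
            "page_request": is_blocked(docroot, "/../../../../etc/shadow"),
            "encoded": is_blocked(docroot, "/%2e%2e/%2e%2e/etc/shadow"),
        }


if __name__ == "__main__":
    print(demo())
```

The check limits what a request can name; running the server as an unprivileged user instead of root limits what a missed case can read.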
|References

Source: BID
Name: 1040
Link: http://www.securityfocus.com/bid/1040
Source: BUGTRAQ
Name: 20000308 [SAFER000309.EXP.1.4] StarScheduler (StarOffice) vulnerabilities
Link: http://archives.neohapsis.com/archives/bugtraq/2000-03/0063.html
