https://www.exploit-db.com/exploits/20925
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200108-083

ScreamingMediaSITEWare版本2.5到3.1存在漏洞。远程攻击者可以借助到(1)SITEWareEditor’sDesktop或(2)SWEditServlet的template参数的..（点点）攻击读取全局可读文件。

source: http://www.securityfocus.com/bid/2868/info

Screaming Media is a provider for custom web content. SiteWare Editor Desktop is the web-based administration tool for managing Screaming Media content.

SiteWare Editor Desktop is prone to directory traversal attacks which can lead to disclosure of arbitrary webserver-readable files on the vulnerable host. This is due to the fact that the software does not filter '../' character sequences from HTTP Requests. 

http://server:port/SWEditServlet?station_path=Z&publication_id=2043&template=../../../../../../../etc/passwd

来源:US-CERTVulnerabilityNote:VU#795707
名称:VU#795707
链接:http://www.kb.cert.org/vuls/id/795707
来源:www01.screamingmedia.com
链接:http://www01.screamingmedia.com/en/security/sms1001.php
来源:XF
名称:siteware-dot-file-retrieval(6689)
链接:http://xforce.iss.net/xforce/xfdb/6689
来源:BID
名称:2869
链接:http://www.securityfocus.com/bid/2869
来源:OSVDB
名称:13887
链接:http://www.osvdb.org/13887
来源:BUGTRAQ
名称:20010613ScreamingMediaSITEWaresourcecodedisclosurevulnerability
链接:http://archives.neohapsis.com/archives/bugtraq/2001-06/0166.html
来源:BUGTRAQ
名称:20010613ScreamingMediaSITEWarearbitraryfileretrievalvulnerability
链接:http://archives.neohapsis.com/archives/bugtraq/2001-06/0165.html