ScreamingMedia SiteWare File Disclosure Vulnerability

Vulnerability ID: 1106386
Vulnerability type: Input validation
Published: 2001-06-13
Updated: 2005-10-20
CVE ID: CVE-2001-0555
CNNVD-ID: CNNVD-200108-083
Platform: Java
CVSS score: 10.0
|Vulnerability Source
https://www.exploit-db.com/exploits/20925
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200108-083
|Vulnerability Details
ScreamingMedia SITEWare versions 2.5 through 3.1 contain a vulnerability. A remote attacker can read world-readable files via a .. (dot dot) attack in the template parameter to (1) SITEWare Editor's Desktop or (2) SWEditServlet.
|Exploit
source: http://www.securityfocus.com/bid/2868/info

Screaming Media is a provider for custom web content. SiteWare Editor Desktop is the web-based administration tool for managing Screaming Media content.

SiteWare Editor Desktop is prone to directory traversal attacks which can lead to disclosure of arbitrary webserver-readable files on the vulnerable host. This is due to the fact that the software does not filter '../' character sequences from HTTP Requests. 

http://server:port/SWEditServlet?station_path=Z&publication_id=2043&template=../../../../../../../etc/passwd
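
One way to close the missing '../' filtering described above is to resolve the template name against a fixed root and reject anything that lands outside it; this is an added example, not ScreamingMedia's code, and it goes beyond the '../' case by also rejecting absolute paths and symlinks that leave the root. `TemplateResolver`, `resolve()` and the template root directory are hypothetical names.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.InvalidPathException;
import java.nio.file.Path;

// Added illustration: TemplateResolver, resolve() and the template root are
// hypothetical names, not taken from SiteWare.
public final class TemplateResolver {
    private final Path root;

    public TemplateResolver(Path templateRoot) throws IOException {
        this.root = templateRoot.toRealPath(); // canonical root for prefix checks
    }

    /** Returns the requested template, or throws if the name leaves the root. */
    public Path resolve(String template) throws IOException {
        if (template == null || template.isEmpty()) {
            throw new SecurityException("empty template name");
        }
        Path candidate;
        try {
            // normalize() collapses "../" segments; an absolute name replaces root.
            candidate = root.resolve(template).normalize();
        } catch (InvalidPathException e) { // e.g. embedded NUL byte
            throw new SecurityException("malformed template name");
        }
        if (!candidate.startsWith(root)) {
            throw new SecurityException("template outside template root");
        }
        // toRealPath() follows symlinks, so a link pointing out of the root is
        // rejected too; it throws NoSuchFileException for a missing file.
        Path real = candidate.toRealPath();
        if (!real.startsWith(root) || !Files.isRegularFile(real)) {
            throw new SecurityException("template outside template root");
        }
        return real;
    }

    public static void main(String[] args) throws IOException {
        Path dir = Files.createTempDirectory("templates"); // constructed sample root
        Files.write(dir.resolve("article.tmpl"), "ok".getBytes());
        TemplateResolver r = new TemplateResolver(dir);
        System.out.println("served:  " + r.resolve("article.tmpl"));
        for (String name : new String[] {"../../../../../../../etc/passwd", "/etc/passwd"}) {
            try { r.resolve(name); System.out.println("MISSED:  " + name); }
            catch (SecurityException e) { System.out.println("blocked: " + name); }
        }
    }
}
```

Checking the resolved path rather than stripping '../' from the string avoids bypasses through encoded or nested sequences, because the comparison happens after the filesystem has interpreted the name.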
|References

Source: US-CERT Vulnerability Note: VU#795707
Name: VU#795707
Link: http://www.kb.cert.org/vuls/id/795707
Source: www01.screamingmedia.com
Link: http://www01.screamingmedia.com/en/security/sms1001.php
Source: XF
Name: siteware-dot-file-retrieval(6689)
Link: http://xforce.iss.net/xforce/xfdb/6689
Source: BID
Name: 2869
Link: http://www.securityfocus.com/bid/2869
Source: OSVDB
Name: 13887
Link: http://www.osvdb.org/13887
Source: BUGTRAQ
Name: 20010613 ScreamingMedia SITEWare source code disclosure vulnerability
Link: http://archives.neohapsis.com/archives/bugtraq/2001-06/0166.html
Source: BUGTRAQ
Name: 20010613 ScreamingMedia SITEWare arbitrary file retrieval vulnerability
Link: http://archives.neohapsis.com/archives/bugtraq/2001-06/0165.html
