ID

VAR-200712-0451


TITLE

Easy File Sharing Web Server Directory Traversal and Information Disclosure Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2007-6918

DESCRIPTION

Easy File Sharing Web Server allows visitors to upload and download files via a browser, with FTP and WEB versions. Easy File Sharing Web Server has an input validation vulnerability when processing user requests. Remote attackers may exploit this vulnerability to obtain sensitive information. Easy File Sharing Web Server does not properly filter certain parameters when uploading files, allowing users to upload files to any parent directory through directory traversal attacks. In addition, there is an error in processing file download requests, allowing users to download any .sdb database file other than admin.sdb and user.sdb, and there is an error in processing username registration requests, allowing a user to leak the content of any file in the user folder by creating an account whose username is the same as the file name.

Trust: 0.81

sources: CNVD: CNVD-2007-6918 // BID: 26771

IOT TAXONOMY

category: ['Network device'] sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2007-6918

AFFECTED PRODUCTS

vendor: no model: - scope: - version: -

Trust: 0.6

vendor: shttpd model: shttpd scope: eq version: 1.38

Trust: 0.3

vendor: shttpd model: shttpd scope: eq version: 1.35

Trust: 0.3

vendor: shttpd model: shttpd scope: eq version: 1.34

Trust: 0.3

sources: CNVD: CNVD-2007-6918 // BID: 26771

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2007-6918
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2007-6918
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2007-6918

THREAT TYPE

network

Trust: 0.3

sources: BID: 26771

TYPE

Access Validation Error

Trust: 0.3

sources: BID: 26771

EXTERNAL IDS

db: BID id: 26771

Trust: 0.9

db: CNVD id: CNVD-2007-6918

Trust: 0.6

sources: CNVD: CNVD-2007-6918 // BID: 26771

REFERENCES

url:http://aluigi.altervista.org/adv/efsup-adv.txt

Trust: 0.6

url:http://www.sharing-file.com/

Trust: 0.3

url:/archive/1/484760

Trust: 0.3

sources: CNVD: CNVD-2007-6918 // BID: 26771

CREDITS

Luigi Auriemma is credited with the discovery of these vulnerabilities.

Trust: 0.3

sources: BID: 26771

SOURCES

db: CNVD id: CNVD-2007-6918
db: BID id: 26771

LAST UPDATE DATE

2022-05-17T01:41:51.516000+00:00


SOURCES UPDATE DATE

db: CNVD id: CNVD-2007-6918 date: 2014-01-24T00:00:00
db: BID id: 26771 date: 2007-12-10T23:22:00

SOURCES RELEASE DATE

db: CNVD id: CNVD-2007-6918 date: 2007-12-07T00:00:00
db: BID id: 26771 date: 2007-12-07T00:00:00