GEN:SID | 1:2371 |
Message | WEB-MISC Sample_showcode.html access |
Summary | This event is generated when an attempt is made to access Sample_showcode.html, a component of the Niti Telecom Caravan Business Server.
|
Impact | Information disclosure. Possible directory traversal.
|
Detailed Information | Caravan Business Server is used to develop web applications. It is possible for an external user to perform a directory traversal attack against the server by maipulating the parameter fname in the Sample_showcode.html file.
|
Affected Systems | Caravan Business Server 2.00/03D
|
Attack Scenarios | An attacker can view files on the system by performaing a directory traversal attack using the fname parameter in the Sample_showcode.html script.
|
Ease of Attack | Simple.
|
Corrective Action | Ensure the system is using an up to date version of the software and has had all vendor supplied patches applied.
|
Additional References | |
Rule References | bugtraq: 9555
|