GEN:SID 1:2371
Message WEB-MISC Sample_showcode.html access
Summary This event is generated when an attempt is made to access
Sample_showcode.html, a component of the Niti Telecom Caravan Business
Server.
Impact Information disclosure. Possible directory traversal.
Detailed Information Caravan Business Server is used to develop web applications. It is
possible for an external user to perform a directory traversal attack
against the server by maipulating the parameter fname in the
Sample_showcode.html file.
Affected Systems Caravan Business Server 2.00/03D
Attack Scenarios An attacker can view files on the system by performaing a directory
traversal attack using the fname parameter in the Sample_showcode.html
script.
Ease of Attack Simple.
Corrective Action Ensure the system is using an up to date version of the software and has
had all vendor supplied patches applied.
Additional References  
Rule References bugtraq: 9555