Accessing files and directory listings inside the "Root Directory" is apparently the intended operation. In the worst case, disclosure of the system's password hashes can lead to compromise of the passwords, and therefore of the server.
Older versions were not available, but are assumed vulnerable. This eliminates most of the issues, although even with this in place you can still get a directory listing of the "Root Directory" itself, but not of its subdirs. Even a fixed version should probably not be exposed to the Internet or other untrusted networks. The directory traversal issue was fixed in version 1. However, arbitrary file access and directory listings inside the "Root Directory" and its subdirs are still possible in this version, unless the trailing backslash is in place.
Note that even with the trailing backslash, directory listing of the "Root Directory" itself is still possible. All I did was see it in the scan results, verify it, reproduce it for testing, report it to the vendor and write this advisory. Thanks to my friends at foofus.