Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2309

Overview

Vulnerability Score 4.0 4.0
CVE Id CVE-2006-2309
Last Modified 07 Mar 2011 09:35:56
Published 01 Jun 2006 08:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2006-2309

Summary

The HTTP service in EServ/3 3.25 allows remote attackers to obtain sensitive information via crafted HTTP requests containing dot, space, and slash characters, which reveals the source code of script files.

Vulnerable Systems

Application

  • Etype Eserv 3.0

  • Etype Eserv 3.25


References

BID - 18179

CONFIRM - http://www.eserv.ru/ru/news/news_detail.php?ID=235

SECUNIA - 20059

VUPEN - ADV-2006-2066

BUGTRAQ - 20060531 Secunia Research: Eserv/3 IMAP and HTTP Server MultipleVulnerabilities

MISC - http://secunia.com/secunia_research/2006-37/advisory/

XF - eserv-file-extension-source-code-disclosure(26741)

SREASON - 1006


Last Updated: 27 May 2016 10:42:25