ScreamingMedia SITEWare 版本2.5到3.1存在漏洞。远程攻击者可以借助到(1)SITEWare Editor\'\'s Desktop或(2)SWEditServlet的template参数的..(点 点)攻击读取全局可读文件。
ScreamingMedia has addressed this issue in SiteWare 2.5.1 and 3.1.1. In order to obtain the fixed version contact the vendor at:
来源:US-CERT Vulnerability Note: VU#795707 名称: VU#795707 链接:http://www.kb.cert.org/vuls/id/795707 来源: www01.screamingmedia.com 链接:http://www01.screamingmedia.com/en/security/sms1001.php 来源: XF 名称: siteware-dot-file-retrieval(6689) 链接:http://xforce.iss.net/xforce/xfdb/6689 来源: BID 名称: 2869 链接:http://www.securityfocus.com/bid/2869 来源: OSVDB 名称: 13887 链接:http://www.osvdb.org/13887 来源: BUGTRAQ 名称: 20010613 ScreamingMedia SITEWare source code disclosure vulnerability 链接:http://archives.neohapsis.com/archives/bugtraq/2001-06/0166.html 来源: BUGTRAQ 名称: 20010613 ScreamingMedia SITEWare arbitrary file retrieval vulnerability 链接:http://archives.neohapsis.com/archives/bugtraq/2001-06/0165.html
暂无