CVE-2003-1297 - Easy File Sharing (EFS) Web Server 1.2 stores the (1) option.ini (aka options.ini) file and (2) log

CVE-2003-1297

Summary

Easy File Sharing (EFS) Web Server 1.2 stores the (1) option.ini (aka options.ini) file and (2) log directory under the web root with insufficient access control, which allows remote attackers to obtain sensitive information including an SMTP account username and password hash, the server configuration, and server log files.

References

http://archives.neohapsis.com/archives/bugtraq/2003-10/0083.html
http://www.osvdb.org/23794
http://www.osvdb.org/23795

Vulnerable Configurations

cpe:2.3:a:efs_software:efs_web_server:1.2:*:*:*:*:*:*:*
cpe:2.3:a:efs_software:efs_web_server:1.2:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 05-09-2008 - 20:36)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:N/A:N

refmap via4

bugtraq	20031004 Vulnerabilities in Easy File Sharing Web Server (1.2 NEW)
osvdb	23794 23795

Last major update

05-09-2008 - 20:36

Published

31-12-2003 - 05:00

Last modified

05-09-2008 - 20:36