1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

10297 - Web Server Directory Traversal Arbitrary File Access

Discussion in 'Windows Server' started by xrocketbunny, May 31, 2018.

Thread Status:
Not open for further replies.
  1. xrocketbunny

    xrocketbunny Thread Starter

    Joined:
    May 31, 2018
    Messages:
    2
    Hi,

    I have this vulnerability and would like to know if you guys have a workaround to solve the issue. I occurs on our server scan and has a Critical severity.

    A solution was suggested but I don't think contacting the vendor is the way to go, probably do that as my last resort. If you know how to disable the service would really appreciate if you can share it with me.

    Solution suggested by nessus: Contact the vendor for an update, use a different product, or disable the service altogether.

    Bt the way, it's a Windows Server 2008 R2 x64 SP1.

    Thank you so much.
     
  2. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,368
    First Name:
    Derek
    The only fix will be to make sure all security patches have been applied from Microsoft and/or all other software vendors on the server.
    But without more details, we can't tell if this is a new vulnerability discovered by Nessus or an old unpatched vulnerability

    We really need to see the full Security report or at least the section saying exactly what is involved. But posting server info in public can be dangerous

    You really need to check with a more senior IT support about this in first instance


    It is not a good idea to disable services on a server, without really knowing the consequences

    This is possibly a generic detection that might not be a "real" risk

    https://vulners.com/nessus/WEB_TRAVERSAL.NASL ( not available in IE, only in chrome, FF or Edge )

    I haven't seen or heard of any "new" vulnerabilities on server 2008 recently. Whether it is due to a plugin or other 3rd party program on the server, rather than the server OS itself, needs to be investigated.
     
    Last edited: Jun 1, 2018
  3. xrocketbunny

    xrocketbunny Thread Starter

    Joined:
    May 31, 2018
    Messages:
    2
    I see your point. I will probably apply all security patches for now, update you when it's done.

    Thanks a lot dude.
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1210999

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice