10297 - Web Server Directory Traversal Arbitrary File Access

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

xrocketbunny

Thread Starter
Joined
May 31, 2018
Messages
2
Hi,

I have this vulnerability and would like to know if you guys have a workaround to solve the issue. I occurs on our server scan and has a Critical severity.

A solution was suggested but I don't think contacting the vendor is the way to go, probably do that as my last resort. If you know how to disable the service would really appreciate if you can share it with me.

Solution suggested by nessus: Contact the vendor for an update, use a different product, or disable the service altogether.

Bt the way, it's a Windows Server 2008 R2 x64 SP1.

Thank you so much.
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
The only fix will be to make sure all security patches have been applied from Microsoft and/or all other software vendors on the server.
But without more details, we can't tell if this is a new vulnerability discovered by Nessus or an old unpatched vulnerability

We really need to see the full Security report or at least the section saying exactly what is involved. But posting server info in public can be dangerous

You really need to check with a more senior IT support about this in first instance


It is not a good idea to disable services on a server, without really knowing the consequences

This is possibly a generic detection that might not be a "real" risk

https://vulners.com/nessus/WEB_TRAVERSAL.NASL ( not available in IE, only in chrome, FF or Edge )

I haven't seen or heard of any "new" vulnerabilities on server 2008 recently. Whether it is due to a plugin or other 3rd party program on the server, rather than the server OS itself, needs to be investigated.
 
Last edited:

xrocketbunny

Thread Starter
Joined
May 31, 2018
Messages
2
I see your point. I will probably apply all security patches for now, update you when it's done.

Thanks a lot dude.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Top