Intrusion Prevention

DirectoryTraversal

Description

It indicates a directory traversal vulnerability in Microsoft FrontPage or Personal Web Server (PWS).


There exists a vulnerability in file access protocols of Microsoft PWS and FrontPage PWS that allows attackers to read arbitrary files by sending a specially-crafted message to the target system.


Affected Products

Any unprotected FrontPage Personal Web Server 1.0 or MS Personal Web Server 4.0 is vulnerable to the attack.

Impact

Attackers can read arbitrary files on the victim system.

Recommended Actions

Apply appropriate patches from Microsoft and/or upgrade the program to the latest non-vulnerable version.

CVE References

CVE-2000-0153 CVE-1999-0386