Arbitrary Directory Browsing Vulnerability in Hosting Controller 1.4.1 and Earlier

Arbitrary Directory Browsing Vulnerability in Hosting Controller 1.4.1 and Earlier

CVE-2002-0466 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

Hosting Controller 1.4.1 and earlier allows remote attackers to browse arbitrary directories via a full C: style pathname in the filepath arguments to (1) Statsbrowse.asp, (2) servubrowse.asp, (3) browsedisk.asp, (4) browsewebalizerexe.asp, or (5) sqlbrowse.asp.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.