etype eserv 2.50 - Directory Traversal

Author: Ussr Labs
type: remote
platform: windows
port: 
date_added: 1999-11-04 
date_updated: 2012-07-05 
verified: 1 
codes: CVE-1999-1509;OSVDB-54 
tags: 
aliases:  
screenshot_url:  
application_url: 

source: https://www.securityfocus.com/bid/773/info

Etype's Eserv product is designed to be a one-source internet connectivity solution, incorporating mail, web, ftp, and proxy servers into one package. The web server will allow remote browsing of the entire filesystem by the usage of ../ strings in the URL. This gives an attacker read access to every file on the server's filesystem that the webserver has access to.

http://victim.com/../../../autoexec.bat