# 10297 - Web Server Directory Traversal Arbitrary File Access



## xrocketbunny (Jun 1, 2018)

Hi,

I have this vulnerability and would like to know if you guys have a workaround to solve the issue. I occurs on our server scan and has a Critical severity.

A solution was suggested but I don't think contacting the vendor is the way to go, probably do that as my last resort. If you know how to disable the service would really appreciate if you can share it with me.

Solution suggested by nessus: Contact the vendor for an update, use a different product, or disable the service altogether.

Bt the way, it's a Windows Server 2008 R2 x64 SP1.

Thank you so much.


----------



## dvk01 (Dec 14, 2002)

The only fix will be to make sure all security patches have been applied from Microsoft and/or all other software vendors on the server.
But without more details, we can't tell if this is a new vulnerability discovered by Nessus or an old unpatched vulnerability

We really need to see the full Security report or at least the section saying exactly what is involved. But posting server info in public can be dangerous

You really need to check with a more senior IT support about this in first instance

It is not a good idea to disable services on a server, without really knowing the consequences

This is possibly a generic detection that might not be a "real" risk

https://vulners.com/nessus/WEB_TRAVERSAL.NASL ( not available in IE, only in chrome, FF or Edge )

I haven't seen or heard of any "new" vulnerabilities on server 2008 recently. Whether it is due to a plugin or other 3rd party program on the server, rather than the server OS itself, needs to be investigated.


----------



## xrocketbunny (Jun 1, 2018)

I see your point. I will probably apply all security patches for now, update you when it's done.

Thanks a lot dude.


----------

