Free Peers BearShare Directory Traversal Vulnerability

Free Peers Inc. BearShare is a Windows-based file-sharing utility.

Under certain configurations and platforms, versions of BearShare are prone to directory-traversal attacks.

Although the product's website feature filters '/../' sequences (the form most commonly used in traversal attacks), an attacker could construct a path expression that bypasses this input validation.

As a result, BearShare's website feature, if enabled, can permit a remote attacker to traverse the webserver's directory structure and request files from outside the web root.

Note that this vulnerability does not appear to affect Windows 2000 installations of BearShare.
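
The containment check that a '/../' filter lacks, as an added example (not BearShare's code and not part of the advisory): it normalizes the requested path under Windows path rules and serves it only if the result is still inside the web root. The web root, the function names and the sample requests are constructed for illustration; the samples are generic forms, not the specific bypass, which the advisory does not give.

```python
import ntpath  # Windows path rules; purely lexical, so this runs on any OS
from urllib.parse import unquote

WEB_ROOT = r"C:\site\public"  # assumed web root, constructed for this example


def naive_filter(url_path):
    """Blocklist check of the kind the advisory describes: reject only '/../'."""
    return "/../" not in url_path


def resolve_under_root(url_path, root=WEB_ROOT):
    """Return the normalized path if it stays inside root, otherwise None."""
    decoded = unquote(url_path)  # decode first, so the check sees the final name
    rel = decoded.replace("/", "\\").lstrip("\\")  # both separators count on Windows
    if "\x00" in rel or ":" in rel:  # NUL bytes, drive letters, stream names
        return None
    root_n = ntpath.normcase(ntpath.normpath(root))
    candidate = ntpath.normpath(ntpath.join(root, rel))  # collapses '.' and '..'
    cand_n = ntpath.normcase(candidate)
    # Compare on a separator boundary so C:\site\public2 does not match the root.
    if cand_n == root_n or cand_n.startswith(root_n + "\\"):
        return candidate
    return None


# Constructed sample requests (generic forms, not taken from the advisory).
SAMPLES = [
    "/index.html",
    "/docs/../index.html",
    "/..\\..\\secret.txt",
    "/%2e%2e/%2e%2e/secret.txt",
    "/../public2/notes.txt",
    "/C:/Windows/win.ini",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:32} filter_allows={naive_filter(s)!s:5} "
              f"resolved={resolve_under_root(s)}")
```

The blocklist both rejects a harmless request ('/docs/../index.html') and allows requests that resolve outside the root, while the containment check decides on the resolved path alone.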


