BearShare File Disclosure Variant Vulnerability

BearShare can be run in Website mode, which allows users to host files via a webserver which is bundled in the product.

The BearShare webserver is prone to directory traversal attacks. This may allow remote attackers to break out of the web root directory and browse the filesystem of the host running the software.

This issue is a variant of the vulnerability described in Bugtraq ID 2672. The variant issue was unsuccessfully addressed in version 4.0.6. It is still possible to disclose files with a malicious URL encoded request to the webserver.


Privacy Statement
Copyright 2010, SecurityFocus