Vulnerabilities > CVE-2006-5714 - Information Disclosure and Input Validation vulnerability in EFS Software EFS web Server 4.0
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
Easy File Sharing (EFS) Web Server 4.0, when running on an NTFS file system, allows remote attackers to read arbitrary files under the web root by appending "::$DATA" to the end of a HTTP GET request, which accesses the alternate data stream.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | Easy File Sharing Web Server 4 Remote Information Stealer Exploit. CVE-2006-5714. Remote exploit for windows platform |
| file | exploits/windows/remote/2690.c |
| id | EDB-ID:2690 |
| last seen | 2016-01-31 |
| modified | 2006-10-30 |
| platform | windows |
| port | 80 |
| published | 2006-10-30 |
| reporter | Greg Linares |
| source | https://www.exploit-db.com/download/2690/ |
| title | Easy File Sharing Web Server 4 - Remote Information Stealer Exploit |
| type | remote |
Nessus
| NASL family | Web Servers |
| NASL id | EFS_WEBSERVER_INFODISCLOSE.NASL |
| description | The version of Easy File Sharing Web Server that is installed on the remote host fails to restrict access to files via alternative data streams. By passing a specially crafted request to the web server, an attacker may be able to access privileged information. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 23636 |
| published | 2006-11-08 |
| reporter | This script is Copyright (C) 2006-2016 Justin Seitz |
| source | https://www.tenable.com/plugins/nessus/23636 |
| title | Easy File Sharing Web Server Crafted Request ADS Arbitrary File Access |