Family: Web Servers --> Category: attack
BadBlue invalid null byte vulnerability Vulnerability Scan
Vulnerability Scan Summary
Read BadBlue protected configuration file
Detailed Explanation for this Vulnerability Test
It was possible to read the content of /EXT.INI
(BadBlue configuration file) by sending an invalid GET request.
A cracker may exploit this vulnerability to steal the passwords.
Solution : upgrade your software or protect it with a filtering reverse proxy
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.