Family: CGI abuses --> Category: infos
RaidenHTTPD Script Source Disclosure Vulnerability Scan
Vulnerability Scan Summary :
Checks version of RaidenHTTPD
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server suffers from an information disclosure flaw.
Description :
The remote host is running RaidenHTTPD, a web server for Windows.
According to its banner, the version of RaidenHTTPD installed on the
remote Windows host fails to properly validate filename extensions in
URLs. A remote attacker may be able to leverage this issue to
disclose the source of scripts hosted by the affected application
using specially-crafted requests with dot, space, and slash
characters.
See also :
http://secunia.com/secunia_research/2006-15/advisory/
http://forum.raidenftpd.com/showflat.php?Cat=&Board=httpd&Number=47234
Solution :
Upgrade to RaidenHTTPD version 1.1.48 or later.
Threat Level:
Low / CVSS Base Score : 2.3
(AV:R/AC:L/Au:NR/C:P/I:N/A:N/B:N)