Family: CGI abuses --> Category: infos
lighttpd Script Source Disclosure Vulnerability: Vulnerability Scan
Vulnerability Scan Summary: Checks version of lighttpd
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server suffers from an information disclosure flaw.
Description :
The remote host is running lighttpd, an open-source web server with a
light footprint.
According to its banner, the version of lighttpd installed on the
remote Windows host fails to properly validate filename extensions in
URLs. A remote attacker may be able to leverage this issue to
disclose the source of scripts hosted by the affected application
using specially crafted requests with dot and space characters.
See also :
http://secunia.com/secunia_research/2006-9/advisory/
http://www.kevinworthington.com:8181/?p=109
Solution :
Upgrade to lighttpd for Windows version 1.4.10a or later.
Threat Level:
Low / CVSS Base Score : 2.3
(AV:R/AC:L/Au:NR/C:P/I:N/A:N/B:N)