Family: Web Servers --> Category: infos
CERN HTTPD access control bypass Vulnerability Scan
Vulnerability Scan Summary: Ascertains if web access control can be circumvented
Detailed Explanation for this Vulnerability Test
It is possible to access protected web pages
by replacing / with // or /./ in the requested path.
This was a bug in old versions of the CERN web server.
A workaround consisted of rejecting patterns like:
//*
*//*
/./*
*/./*
Solution: Upgrade your web server or tighten your filtering rules
Threat Level: High
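Added example (not part of the original test description or of CERN httpd): a small Python model comparing an access check that matches the raw path, the reject patterns listed above, and a check that canonicalizes the path first. The protected directory /secret, the function names and the sample paths are constructed assumptions.

```python
from fnmatch import fnmatchcase

PROTECTED_DIRS = ("/secret",)  # hypothetical protected tree (assumption)
REJECT_PATTERNS = ("//*", "*//*", "/./*", "*/./*")  # workaround patterns from the text

def naive_is_protected(path):
    """Assumed flawed check: literal prefix match on the raw request path."""
    return any(path.startswith(d + "/") for d in PROTECTED_DIRS)

def rejected_by_workaround(path):
    """True if the request matches one of the listed reject patterns."""
    return any(fnmatchcase(path, pat) for pat in REJECT_PATTERNS)

def canonical(path):
    """Collapse empty and '.' segments; resolve '..' without leaving the root."""
    out = []
    for seg in path.split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if out:
                out.pop()
            continue
        out.append(seg)
    return "/" + "/".join(out)

def hardened_is_protected(path):
    """Apply the access rule to the canonical path, not the raw one."""
    canon = canonical(path)
    return any(canon == d or canon.startswith(d + "/") for d in PROTECTED_DIRS)

def evaluate(path):
    """Return (naive_protected, rejected_by_patterns, hardened_protected)."""
    return (naive_is_protected(path),
            rejected_by_workaround(path),
            hardened_is_protected(path))

# Constructed sample request paths.
SAMPLES = ["/secret/file.html", "//secret/file.html", "/./secret/file.html",
           "/secret//file.html", "/public/index.html"]

if __name__ == "__main__":
    for p in SAMPLES:
        naive, rejected, hardened = evaluate(p)
        print(f"{p:24} naive={naive!s:5} rejected={rejected!s:5} hardened={hardened}")
```

A request is safe to serve without authentication only when the hardened check returns False; the reject patterns are a stopgap for servers that cannot be upgraded.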