Family: CGI abuses --> Category: infos
Dwarf HTTP Server < 1.3.3 Multiple Vulnerabilities Vulnerability Scan
Vulnerability Scan Summary :
Checks version of Dwarf HTTP Server
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server suffers from multiple flaws.
Description :
The remote host is running Dwarf HTTP Server, a full-featured,
Java-based web server.
According to its banner, the version of Dwarf HTTP Server on the
remote host reportedly fails to properly validate filename extensions
in URLs. A remote attacker may be able to leverage this issue to
disclose the source of scripts hosted by the affected application
using specially crafted requests with dot, space, slash, and NULL
characters.
In addition, the web server also reportedly fails to sanitize requests
before returning error pages, which can be exploited to conduct
cross-site scripting attacks.
See also :
http://secunia.com/secunia_research/2006-13/advisory/
Solution :
Upgrade to Dwarf HTTP Server version 1.3.3 or later.
Threat Level:
Low / CVSS Base Score : 3.3
(AV:R/AC:L/Au:NR/C:C/I:N/A:N/B:N)