|
Family: CGI abuses --> Category: infos
OmniPro HTTPd 2.08 scripts source full disclosure Vulnerability Scan
Vulnerability Scan Summary Check the presence of OmniPro HTTPd 2.08 scripts source disclosure.
Detailed Explanation for this Vulnerability Test
OmniPro HTTPd 2.08 suffers from a security vulnerability that permits
malicious users to get the full source code of scripting files.
By appending an ASCII/Unicode space char '%20' at the script suffix,
the web server will no longer interpret it and rather send it back clearly
as a simple document to the user in the same manner as it usually does to
process HTML-like files.
The flaw does not work with files located in CGI directories (e.g cgibin,
cgi-win)
Exploit: GET /test.php%20 HTTP/1.0
Vulnerable systems: up to release 2.08
Solution: The vendor is aware of the problem but so far, no
patch has been made available. Contact your web server vendor
for a possible solution. Until a complete fix is available, you
should remove all scripting files from non-executable directories.
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.
|