Vulnerability Scanning Solutions, LLC.
Home
Our Process
Residential
Corporate
What We Scan For
Sample Report
Client List
Terms
Contact Us
What We Scan For
Family: CGI abuses --> Category: infos

OmniPro HTTPd 2.08 scripts source full disclosure Vulnerability Scan


Vulnerability Scan Summary
Check the presence of OmniPro HTTPd 2.08 scripts source disclosure.

Detailed Explanation for this Vulnerability Test

OmniPro HTTPd 2.08 suffers from a security vulnerability that permits
malicious users to get the full source code of scripting files.

By appending an ASCII/Unicode space char '%20' at the script suffix,
the web server will no longer interpret it and rather send it back clearly
as a simple document to the user in the same manner as it usually does to
process HTML-like files.

The flaw does not work with files located in CGI directories (e.g cgibin,
cgi-win)

Exploit: GET /test.php%20 HTTP/1.0

Vulnerable systems: up to release 2.08

Solution: The vendor is aware of the problem but so far, no
patch has been made available. Contact your web server vendor
for a possible solution. Until a complete fix is available, you
should remove all scripting files from non-executable directories.

Threat Level: Medium

Click HERE for more information and discussions on this network vulnerability scan.

VSS, LLC.

P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.