Xerver < 4.20 Multiple Vulnerabilities

This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.


Synopsis :

The remote web server is affected by multiple flaws.

Description :

The remote host is running Xerver, an open source FTP and web server
written in Java.

The version of Xerver installed on the remote host suffers from
several vulnerabilities that can be used by an attacker to reveal the
contents of directories as well as the source of scripts and HTML
pages. In addition, it is prone to a generic cross-site scripting
flaw.

See also :

http://securitytracker.com/alerts/2005/Oct/1015079.html

Solution :

Upgrade to Xerver 4.20 or later as that is rumoured to address the
issue.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 3.7
(CVSS2#E:H/RL:OF/RC:C)
Public Exploit Available : true

Family: Web Servers

Nessus Plugin ID: 20062

Bugtraq ID: 15135

CVE ID: CVE-2005-3293, CVE-2005-4774