Mongoose URI Trailing Slash Request Source Code Disclosure

medium Nessus Plugin ID 48201

Synopsis

The remote web server is affected by an information disclosure vulnerability.

Description

The version of the Mongoose web server running on the remote host discloses the source code of files such as PHP scripts when a trailing slash ('/') is appended to a URL.

An unauthenticated, remote attacker can leverage this issue to disclose the source of scripts, which may contain passwords and other sensitive information.
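
The following is an added detection example, not part of the plugin or of Mongoose: it scans web access logs for script URLs requested with a trailing slash and answered successfully, the request pattern described above. It assumes the access log is in Common Log Format; the extension list, function name and sample log lines are constructed for illustration.

```python
import re

# Assumption: extensions the server hands to an interpreter; adjust per site.
SCRIPT_EXTS = ("php", "cgi", "pl")

# Common Log Format: host ident user [time] "METHOD target PROTO" status bytes
CLF = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)
# A path that names a script file followed by one or more trailing slashes.
TRAILING = re.compile(r"\.(?:%s)/+$" % "|".join(SCRIPT_EXTS), re.IGNORECASE)


def suspicious_requests(lines):
    """Return (host, path, status, size) for script URLs that were requested
    with a trailing slash and answered with a 2xx status."""
    hits = []
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # not a CLF line; skip rather than guess
        path = m.group("target").split("?", 1)[0]  # ignore the query string
        status = int(m.group("status"))
        if TRAILING.search(path) and 200 <= status < 300:
            size = 0 if m.group("size") == "-" else int(m.group("size"))
            hits.append((m.group("host"), path, status, size))
    return hits


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [30/Jul/2010:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 512',
    '192.0.2.77 - - [30/Jul/2010:10:00:05 +0000] "GET /index.php/ HTTP/1.1" 200 1874',
    '192.0.2.77 - - [30/Jul/2010:10:00:06 +0000] "GET /admin/config.php/?x=1 HTTP/1.1" 200 940',
    '192.0.2.10 - - [30/Jul/2010:10:00:09 +0000] "GET /images/ HTTP/1.1" 200 300',
    '192.0.2.77 - - [30/Jul/2010:10:00:11 +0000] "GET /missing.php/ HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

Matches are triage leads: compare the response size with the normal rendered response for the same script, and treat any credentials in a script that was served as source as exposed.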

Solution

Unknown at this time.

See Also

https://code.google.com/archive/p/mongoose/issues/94

Plugin Details

Severity: Medium

ID: 48201

File Name: mongoose_trailing_slash_disclosure.nasl

Version: 1.9

Type: remote

Family: Web Servers

Published: 7/30/2010

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Vulnerability Publication Date: 10/17/2009

Reference Information

CVE: CVE-2009-4535

BID: 42051

CWE: 200