This script is Copyright (C) 2010-2015 Tenable Network Security, Inc.
The remote web server is affected by a source code disclosure
The installed version of the LiteSpeed web server software on the
remote host returns the source of scripts hosted on it when a NULL
byte and '.txt' is appended to the request URL.
A remote attacker may be able to leverage this issue to view a file on
the web server's source code and possibly obtain passwords and other
sensitive information from this host.
See also :
Upgrade to LiteSpeed version 4.0.15 or later.
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.1
Public Exploit Available : true
Family: Web Servers
Nessus Plugin ID: 48246 (litespeed_poison_null_byte.nasl)
Bugtraq ID: 40815
CVE ID: CVE-2010-2333
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.