Detections
Analytics

Xerver Double Slash Authentication Bypass

high Nessus Plugin ID 48254

Language:

Synopsis

The remote web server is affected by an authentication bypass vulnerability.

Description

The version of Xerver installed on the remote host is affected by an authentication bypass vulnerability. It is possible to access protected web directories without authentication by prepending the directory with an extra '/' character, as long as the directory is not recursively protected.

A remote, unauthenticated attacker can leverage this issue to gain access to protected web directories.

Note that this version of Xerver is also potentially affected by multiple other vulnerabilities, though Nessus has not tested for these.

Solution

There is no known solution at this time.

See Also

http://www.nessus.org/u?bfed227d

Plugin Details

Severity: High

ID: 48254

File Name: xerver_authentication_bypass.nasl

Version: 1.9

Type: remote

Family: CGI abuses

Published: 8/5/2010

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 7.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Vulnerability Publication Date: 8/3/2010

Reference Information

BID: 42110