Kerio WinRoute Firewall Web Server Remote Source Code Disclosure

This script is Copyright (C) 2012 Tenable Network Security, Inc.


Synopsis :

The remote web server hosts an application that is affected by an
information disclosure vulnerability.

Description :

By sending specially crafted requests with a NULL byte followed by an
extension such as '.txt', an unauthenticated, remote attacker can
obtain the source code of PHP files available through the version of
Kerio WinRoute Firewall installed on the remote host.
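
For detection, the request pattern described above can be searched for in web access logs. The following is an added example, not part of the plugin: it assumes Common Log Format entries in which the NULL byte appears percent-encoded in the request path, and the sample entries, hosts and paths are constructed.

```python
import re
from urllib.parse import unquote

# Constructed sample entries (Common Log Format); hosts and paths are illustrative.
SAMPLE_LOG = [
    '192.0.2.10 - - [10/May/2012:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 5120',
    '198.51.100.7 - - [10/May/2012:10:00:05 +0000] "GET /index.php%00.txt HTTP/1.1" 200 2310',
    '198.51.100.7 - - [10/May/2012:10:00:06 +0000] "GET /index.php%2500.txt HTTP/1.1" 404 0',
    '192.0.2.10 - - [10/May/2012:10:00:09 +0000] "GET /help/readme.txt HTTP/1.1" 200 800',
]

# Assumed log layout: client, ident, user, [timestamp], "request line", status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)
# PHP script name, a NULL byte, then a trailing extension such as ".txt".
NULL_EXT_RE = re.compile(r'\.php\x00\.[A-Za-z0-9]{1,8}$', re.IGNORECASE)


def decode_path(target, max_rounds=3):
    """Return the request path with percent-encoding removed, including nested encoding."""
    path = target.split('?', 1)[0]  # only the path is inspected, not the query string
    for _ in range(max_rounds):
        decoded = unquote(path, encoding='latin-1')
        if decoded == path:
            break
        path = decoded
    return path


def find_null_byte_requests(lines):
    """Return one finding per log entry whose decoded path matches the pattern."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip entries that are not in the assumed format
        if NULL_EXT_RE.search(decode_path(m['target'])):
            size = 0 if m['size'] == '-' else int(m['size'])
            findings.append({
                'ip': m['ip'],
                'target': m['target'],
                # A 200 response with a body means content was returned: triage first.
                'content_returned': m['status'] == '200' and size > 0,
            })
    return findings


if __name__ == '__main__':
    for finding in find_null_byte_requests(SAMPLE_LOG):
        print(finding)
```

Entries flagged with content_returned set to True are the ones to review first, since the server answered the request with a body.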

Solution :

Upgrade to version 6.7.0 as the issue has been confirmed to be
resolved in that version.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 4.1
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: CGI abuses

Nessus Plugin ID: 59608

Bugtraq ID: 53460

CVE ID: