Apache < 2.0.44 Illegal Character Default Script Mapping Bypass

This script is Copyright (C) 2003-2016 Tenable Network Security, Inc.

Synopsis :

The remote web server is affected by a request file disclosure

Description :

The remote host appears to be running a version of Apache for Windows
that is older than 2.0.44. Such versions are reportedly affected by a
flaw that allows an attacker to read files that they should not have
access to by appending special characters to them.

See also :


Solution :

Upgrade to Apache 2.0.44 or later.

Risk factor :

Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.3
Public Exploit Available : true

Family: Web Servers

Nessus Plugin ID: 11210 (apache_win32_read_files.nasl)

Bugtraq ID: 6660

CVE ID: CVE-2003-0017

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now