OmniHTTPd Encoded Space Request Script Source Disclosure

medium Nessus Plugin ID 10716

Synopsis

The remote web server is vulnerable to an information disclosure attack.

Description

OmniHTTPd is affected by a vulnerability that permits malicious users to get the full source code of scripting files.

By appending an ASCII/Unicode space char '%20' to a script's suffix, the web server will no longer interpret it and instead send it back as a simple document in the same manner as it would an HTML document.

The flaw does not work with files located in CGI directories (e.g cgibin, cgi-win).

Solution

Upgrade to OmniHTTPd Professional 2.09 or later.

See Also

https://seclists.org/bugtraq/2001/May/244

http://www.nessus.org/u?fc21307e

Plugin Details

Severity: Medium

ID: 10716

File Name: Omnihttpd_pro_source_disclosure.nasl

Version: 1.35

Type: remote

Family: CGI abuses

Published: 8/13/2001

Updated: 1/19/2021

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 5

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: E:H/RL:U/RC:ND

Vulnerability Information

Exploit Available: true

Exploit Ease: No exploit is required

Vulnerability Publication Date: 5/26/2001

Reference Information

CVE: CVE-2001-0778

BID: 2788