NaviCOPA < 3.01 6th February 2009 Multiple Vulnerabilities
Critical Nessus Plugin ID 35619
Synopsis
The remote web server is affected by multiple vulnerabilities.
Description
According to its banner, the version of the NaviCOPA web server software running on the remote host is either earlier than 3.01 or 3.01 from before the 6th of February 2009. Such versions are affected by two vulnerabilities:
- There is a heap-based buffer overflow that can be triggered when handling an overly long GET request.
- The server returns the source of scripts hosted on it if the URL ends in a dot ('.').
Solution
Upgrade to NaviCOPA 3.01 from 6th February 2009 or later, as that reportedly resolves the issues.