Mongoose URI Trailing Slash Request Source Code Disclosure

Medium Nessus Plugin ID 48201


Synopsis

The remote web server is affected by an information disclosure vulnerability.

Description

The version of the Mongoose web server running on the remote host discloses the source code of files such as PHP scripts when a trailing slash ('/') is appended to a URL.

An unauthenticated, remote attacker can leverage this issue to disclose the source of scripts, which may contain passwords and other sensitive information.

Solution

Unknown at this time.

Plugin Details

Severity: Medium

ID: 48201

File Name: mongoose_trailing_slash_disclosure.nasl

Version: $Revision: 1.7 $

Type: remote

Family: Web Servers

Published: 2010/07/30

Modified: 2015/09/24

Dependencies: 10107, 67257

Risk Information

Risk Factor: Medium


Base Score: 5

Temporal Score: 4.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:F/RL:U/RC:ND

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Vulnerability Publication Date: 2009/10/17

Reference Information

CVE: CVE-2009-4535

BID: 42051

OSVDB: 61490

EDB-ID: 9897

CWE: 200