Zeus < 3.3.5a Web Server Null Byte Request CGI Source Disclosure

Medium Nessus Network Monitor Plugin ID 1447

Synopsis

The remote host is vulnerable to a flaw that allows attackers to retrieve sensitive files.

Description

The remote host is running the Zeus Web Server. Versions 3.1.x to 3.3.5 of this web server are vulnerable to a bug that allows an attacker to view the source code of all installed CGI scripts and possibly steal credentials from them.

Solution

Upgrade to Zeus Web Server 3.3.5a or higher.

See Also

http://archives.neohapsis.com/archives/bugtraq/2000-02/0072.html

Plugin Details

Severity: Medium

ID: 1447

Family: Web Servers

Published: 2004/08/20

Modified: 2016/11/23

Dependencies: 1442

Nessus ID: 10327

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSSv3

Base Score: 5.3

Temporal Score: 4.9

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS3#E:F/RL:O/RC:C

Reference Information

CVE: CVE-2000-0149

BID: 977