YAWS < 1.56 Script File Source Code Disclosure
Medium Nessus Network Monitor Plugin ID 3019
SynopsisThe remote host is vulnerable to a flaw that allows attackers to retrieve sensitive files.
DescriptionThe remote host is running YAWS, a web server. This version of YAWS is vulnerable to a NULL byte script file source code disclosure bug. An attacker appending a '%00' to the end of a request can download source code.
SolutionUpgrade to version 1.56 or higher.