Orion < 2.0.7 Crafted Filename Extension Source Code Disclosure
Medium Nessus Network Monitor Plugin ID 3486
SynopsisThe remote host is vulnerable to a flaw that allows attackers to retrieve sensitive files or data.
DescriptionThe remote host is running the Orion HTTP Server. This version of Orion is vulnerable to a flaw where a malformed HTTP query can manipulate the web server into disclosing potentially sensitive source code. An attacker exploiting this flaw would be able to gain access to confidential data that would be useful in future attacks.
SolutionUpgrade to version 2.0.7 or higher.