Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Zeus < 3.3.5a Web Server Null Byte Request CGI Source Disclosure

Medium

Synopsis

The remote host is vulnerable to a flaw which allows attackers to retrieve sensitive files.

Description

The remote host is running the Zeus WebServer. Version 3.1.x to 3.3.5 of this web server are vulnerable to a bug which allows an attacker to view the source code of all the CGI scripts installed, and possibly steal credentials from them.

Solution

Upgrade to Zeus Web Server 3.3.5a or higher