The remote host is vulnerable to a flaw that allows attackers to retrieve sensitive files.
The remote host is running YAWS, a web server. This version of YAWS is vulnerable to a NULL byte script file source code disclosure bug. An attacker appending a '%00' to the end of a request can download source code.
Upgrade to version 1.56 or higher.