Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

YAWS < 1.56 Script File Source Code Disclosure

Medium

Synopsis

The remote host is vulnerable to a flaw that allows attackers to retrieve sensitive files.

Description

The remote host is running YAWS, a web server. This version of YAWS is vulnerable to a NULL byte script file source code disclosure bug. An attacker appending a '%00' to the end of a request can download source code.

Solution

Upgrade to version 1.56 or higher.