Bozotic HTTP Server Information Disclosure Vulnerability Network Vulnerability

Summary

This host is running bozotic HTTP server and is prone to information disclosure vulnerability.

Impact

Successful exploitation will allow attacker to determine the existence of a user and potentially disclose the user's files. Impact Level: Application

Solution

Upgrade to bozotic HTTP server version 20100621 or later, For updates refer to http://www.eterna.com.au/bozohttpd/

Insight

The server is not properly handling requests to a user's public_html folder while the folder does not exist. This can be exploited to determine the existence of user accounts via multiple requests for URIs beginning with /~ sequences.

Affected

bozotic HTTP server (aka bozohttpd) versions before 20100621.

References

http://secunia.com/advisories/40737
http://security-tracker.debian.org/tracker/CVE-2010-2320
http://www.eterna.com.au/bozohttpd/CHANGES

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-2320

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities
Aspen Sever Directory Traversal Vulnerability
IBM WebSphere Application Server Cross-Site Request Forgery Vulnerability
Apache Directory Listing
IBM WebSphere Application Multiple Vulnerabilities Jul-11

bozotic HTTP server Information Disclosure Vulnerability

Take action and discover your vulnerabilities