CERN HTTPD Access Control Bypass Network Vulnerability

Summary

It is possible to access protected web pages by changing / with // or /./ This was a bug in old versions of CERN web server A work around consisted in rejecting patterns like: //* *//* /./* */./*

Solution

Upgrade your web server or tighten your filtering rules

Severity

Classification

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Apache Tomcat Multiple Vulnerabilities January 2010
Apache HTTP Server 'mod_dav_svn' Denial of Service Vulnerability (Windows)
HttpBlitz Server HTTP Request Remote Denial of Service Vulnerability
Codebrws.asp Source Disclosure Vulnerability
BadBlue invalid null byte vulnerability

CERN HTTPD access control bypass

Take action and discover your vulnerabilities