Summary
The host is running NaviCOPA Web Server and is prone to a source code disclosure vulnerability.
Impact
Successful exploitation will allow remote attackers to display the source code of arbitrary files (e.g. PHP) instead of an expected HTML response.
Impact Level: Application
Solution
Upgrade to NaviCOPA Web Server version 3.0.1.3 or later.
For updates, refer to http://www.navicopa.com/download.html
Insight
This issue is caused by an error when handling requests with the '%20' string appended to the file extension.
Affected
NaviCOPA Web Server version 3.0.1.2 and prior on Windows.
References
Severity
Classification
- CVE: CVE-2009-4529
- CVSS Base Score: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- IBM WebSphere Application Server (WAS) Cross-site Scripting Vulnerability
- F*EX (Frams's Fast File EXchange) Multiple XSS Vulnerabilities
- Codebrws.asp Source Disclosure Vulnerability
- IBM WebSphere Application Server (WAS) Multiple Vulnerabilities 01 - March 2011
- IBM WebSphere Application Multiple Vulnerabilities Jul-11