NaviCOPA Web Server Source Code Disclosure Vulnerability Network Vulnerability

Summary

The host is running NaviCOPA Web Server and is prone to Source Code Disclosure vulnerability.

Impact

Successful exploitation will allow remote attackers to display the source code of arbitrary files (e.g. PHP) instead of an expected HTML response. Impact Level: Application

Solution

Upgrade to the NaviCOPA Web Server version 3.0.1.3 or later. For updates refer to http://www.navicopa.com/download.html

Insight

This issue is caused by an error when handling requests with the '%20' string appended to the file extension.

Affected

NaviCOPA Web Server version 3.0.1.2 and prior on windows.

References

http://secunia.com/advisories/37014
http://www.packetstormsecurity.org/0910-exploits/navicopa-disclose.txt
http://www.vupen.com/english/advisories/2009/2927
http://xforce.iss.net/xforce/xfdb/53799

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-4529

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Aspen Sever Directory Traversal Vulnerability
Home Web Server Graphical User Interface Remote Denial Of Service Vulnerability
Cherokee Directory Traversal Vulnerability
Apache Tomcat Multiple Security Bypass Vulnerabilities (Win)
Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities

Take action and discover your vulnerabilities