Summary
OmniPro HTTPd 2.08 suffers from a security vulnerability that permits malicious users to get the full source code of scripting files.
By appending an ASCII/Unicode space char '%20' at the script suffix, the web server will no longer interpret it and rather send it back clearly as a simple document to the user in the same manner as it usually does to process HTML-like files.
The flaw does not work with files located in CGI directories (e.g cgibin, cgi-win)
Exploit: GET /test.php%20 HTTP/1.0
Vulnerable systems: up to release 2.08
Solution
The vendor is aware of the problem but so far, no
patch has been made available. Contact your web server vendor for a possible solution. Until a complete fix is available, you should remove all scripting files from non-executable directories.
Severity
Classification
-
CVE CVE-2001-0778 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- AdaptCMS 'init.php' Remote File Include Vulnerability
- Andromeda Streaming MP3 Server Cross Site Scripting Vulnerability
- Apache Open For Business HTML injection vulnerability
- APC PowerChute Network Shutdown HTTP Response Splitting Vulnerability
- AjaXplorer 'doc_file' Parameter Local File Disclosure Vulnerability