Summary
A security vulnerability in the Savant web server allows attackers to download the original form of CGIs (unprocessed).
This would allow them to see any sensitive information stored inside those CGIs.
Solution
The newest version is still vulnerable to attack (version 2.1), it would be recommended that users cease to use this product.
Additional information:
http://www.securiteam.com/exploits/Savant_Webserver_exposes_CGI_script_source.html
Severity
Classification
-
CVE CVE-2000-0521 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- APC PowerChute Network Shutdown 'security/applet' Cross Site Scripting Vulnerability
- Apache Tomcat Login Constraints Security Bypass Vulnerability
- Apache Struts2 showcase namespace XSS Vulnerability
- Apache Struts2/XWork Remote Command Execution Vulnerability
- Adobe ColdFusion HTTP Response Splitting Vulnerability