Description

Due to a flaw in Apache HTTP Server, an attacker can read the source code of web application by sending a specially crafted request.

Remediation

Upgrade to the latest version of Apache HTTP Server.

References

Apache 0day bug, which still nobody knows of, and which was fixed accidentally

Related Vulnerabilities

Source code disclosures

GIT Detected

Mercurial repository found

Apache 2.x version older than 2.0.43

[Possible] Source Code Disclosure (Ruby)

Severity

Medium

Classification

CWE-540 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N

Tags

Source Code Disclosure