KeyFocus (KF) Web Server Null Byte Request Restricted File / Directory Access

medium Nessus Plugin ID 11166

Synopsis

The remote web server is affected by an information disclosure vulnerability.

Description

The installed version of KF Web Server returns a directory listing when the request URL contains a URL-encoded NULL byte (%00) after the directory name.

Solution

Upgrade to KF Web Server version 1.0.3.

See Also

https://seclists.org/bugtraq/2002/Jul/69

http://www.keyfocus.net/kfws/support/

Plugin Details

Severity: Medium

ID: 11166

File Name: KBWebServer_percent00.nasl

Version: 1.18

Type: remote

Family: Web Servers

Published: 11/25/2002

Updated: 11/15/2018

Supported Sensors: Nessus

Vulnerability Information

Vulnerability Publication Date: 7/7/2002