Detections
Analytics
CERN httpd Double Slash Protected Webpage Bypass
medium Nessus Plugin ID 17230
Language:
Synopsis
The remote web server is affected by an information disclosure vulnerability.Description
The remote web server allows an attacker to access protected web pages by replacing slashes in the URL with '//' or '/./', which is a known problem in older versions of CERN web server.Solution
Contact the web server vendor for an update or tighten its filtering rules to reject patterns such as ://*
*//* /./*
*/./*
Plugin Details
Severity: Medium
ID: 17230
File Name: cern_httpd_access_ctrl.nasl
Version: 1.19
Type: remote
Family: Web Servers
Published: 2/28/2005
Updated: 8/9/2018
Configuration: Enable paranoid mode
Supported Sensors: Nessus
Vulnerability Information
Required KB Items: Settings/ParanoidReport
Vulnerability Publication Date: 5/1/1997