Detections
Analytics

NetworkActiv Web Server Crafted Filename Request Script Source Disclosure

medium Nessus Plugin ID 21154

Language:

Synopsis

The remote web server suffers from an information disclosure flaw.

Description

The remote host is running NetworkActiv Web Server, a freeware web server for Windows.

According to its banner, the installed version of NetworkActiv Web Server does not properly validate the extension of filenames before deciding how to serve them. By including a forward-slash character, a remote attacker may be able to leverage this issue to disclose the source of scripts hosted by the affected application.

Solution

Upgrade to NetworkActiv Web Server version 3.5.16 or later.

See Also

https://secuniaresearch.flexerasoftware.com/secunia_research/2006-10/advisory/

http://www.networkactiv.com/WebServer.html

Plugin Details

Severity: Medium

ID: 21154

File Name: networkactiv_script_source_disclosure.nasl

Version: 1.16

Type: remote

Family: CGI abuses

Published: 3/27/2006

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 2.7

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/a:networkactiv:networkactiv_web_server

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 3/1/2006

Reference Information

CVE: CVE-2006-0815

BID: 16895