Zeus < 3.3.5a Web Server Null Byte Request CGI Source Disclosure

medium Nessus Network Monitor Plugin ID 1447

Synopsis

The remote host is vulnerable to a flaw that allows attackers to retrieve sensitive files.

Description

The remote host is running the Zeus Web Server. Versions 3.1.x to 3.3.5 of this web server are vulnerable to a bug that allows an attacker to view the source code of all installed CGI scripts, and possibly steal credentials from them.

Solution

Upgrade to Zeus Web Server 3.3.5a or higher.

See Also

http://archives.neohapsis.com/archives/bugtraq/2000-02/0072.html

Plugin Details

Severity: Medium

ID: 1447

Family: Web Servers

Published: 8/20/2004

Updated: 3/6/2019

Nessus ID: 10327

Risk Information

VPR

Risk Factor: Low

Score: 3.5

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 4.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:zeus_technologies:zeus_web_server

Reference Information

CVE: CVE-2000-0149

BID: 977