| VID | 22127 |
| Severity | 30 |
| Port | 80, ... |
| Protocol | TCP |
| Class | WWW |
| Detailed Description | The Sambar web server discloses the source code of script files. Sambar Server is a multi-threaded HTTP, FTP and Proxy server for Windows environments. Sambar Server allows a remote attacker to obtain the source code of server-side scripts. The vulnerability arises because a remote attacker can bypass the server-side URL parsing by submitting a request for a known script file followed by a space and a null character.
For example, you can test for this vulnerability as follows:
http://server/cgi-bin/environ.pl+%00
http://server/cgi-bin/environ.pl+%0
* References: http://online.securityfocus.com/bid/4533 http://www.iss.net/security_center/static/8876.php |
| Recommendation | No solution available as of Sep. 2002. |
| Related URL | CVE-2002-0737 (CVE) |
| Related URL | (SecurityFocus) |
| Related URL | (ISS) |
|
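
A log check for the request pattern described above, added here as an example (not part of the original entry or of Sambar Server): it scans access-log lines for a script name followed by an encoded space and `%00`. It assumes the server logs the raw, still-encoded request target in Common Log Format; the extension list and the sample lines are constructed for illustration.

```python
import re

# Request line and status inside a Common Log Format entry (assumed format).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

# Script name, then one or more encoded spaces ("+" or "%20"), then "%00".
# The extension list is an assumption; set it to the script types you serve.
SCRIPT_SPACE_NULL_RE = re.compile(r'\.(?:pl|cgi|php|asp)(?:\+|%20)+%00', re.IGNORECASE)
NULL_BYTE_RE = re.compile(r'%00')


def classify(line):
    """Return 'script-space-null', 'null-byte', or None for one log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    # Only the path part is mapped to a file name, so drop any query string.
    path = m.group('target').split('?', 1)[0]
    if SCRIPT_SPACE_NULL_RE.search(path):
        return 'script-space-null'
    if NULL_BYTE_RE.search(path):
        return 'null-byte'
    return None


def scan(lines):
    """Return (line_number, verdict, http_status) for every flagged request."""
    hits = []
    for n, line in enumerate(lines, 1):
        verdict = classify(line)
        if verdict:
            status = int(REQUEST_RE.search(line).group('status'))
            hits.append((n, verdict, status))
    return hits


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Sep/2002:10:00:01 +0000] "GET /cgi-bin/environ.pl HTTP/1.0" 200 512',
    '192.0.2.44 - - [01/Sep/2002:10:00:07 +0000] "GET /cgi-bin/environ.pl+%00 HTTP/1.0" 200 1843',
    '192.0.2.44 - - [01/Sep/2002:10:00:09 +0000] "GET /cgi-bin/environ.pl%20%00 HTTP/1.0" 404 0',
    '192.0.2.51 - - [01/Sep/2002:10:01:30 +0000] "GET /docs/index.htm%00.txt HTTP/1.0" 404 0',
    '192.0.2.10 - - [01/Sep/2002:10:02:00 +0000] "GET /search?q=a+b HTTP/1.0" 200 90',
]

if __name__ == '__main__':
    for n, verdict, status in scan(SAMPLE_LOG):
        print(f'line {n}: {verdict} (HTTP {status})')
```

A flagged request that returned status 200 with a body larger than the script's normal output is the case to review first, since it suggests the source was served rather than executed.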