| VID |
22326 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
The relevant host is running 04WebServer version 1.42 or earlier. 04WebServer is an HTTP server for Microsoft Windows operating systems. 04WebServer versions 1.42 and earlier contain multiple remote vulnerabilities caused by the application's failure to properly sanitize user-supplied input. An attacker may leverage these vulnerabilities to carry out cross-site scripting attacks against any Web sites hosted on the affected server, to inject arbitrary characters into log files, and to cause a denial of service via an HTTP request for an MS-DOS device name.
* Note: This check relies solely on the banner of the remote HTTP server to assess this vulnerability, so the finding might be a false positive.
* References: http://archives.neohapsis.com/archives/bugtraq/2004-11/0191.html http://archives.neohapsis.com/archives/bugtraq/2004-11/0135.html http://secunia.com/advisories/13159/
* Platforms Affected: soft3304, 04WebServer versions 1.42 and earlier; Microsoft Windows Any version |
| Recommendation |
Upgrade to the latest version of 04WebServer (1.50 or later), available from the 04WebServer Web site at http://www.soft3304.net/04WebServer/ |
| Related URL |
CVE-2004-1512,CVE-2004-1513,CVE-2004-1514 (CVE) |
| Related URL |
11652 (SecurityFocus) |
| Related URL |
18033,18034,18036 (ISS) |
|