| VID |
22403 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
The relevant host is running a version of NetworkActiv Web Server which is older than 3.5.16. NetworkActiv Web Server is a simple and easy to use web server (HTTP server). NetworkActiv Web Server versions prior to 3.5.16 could allow a remote attacker to obtain the source code of script files. By sending a specially-crafted URL request with a / (forward slash) after the file extension, a remote attacker could read the requested file's source code.
* Note: This check solely relied on the banner of the remote HTTP server to assess this vulnerability, so this might be a False Positive.
* References:
http://secunia.com/secunia_research/2006-10/advisory/
http://secunia.com/advisories/18947/
* Platforms Affected:
NetworkActiv Web Server versions prior to 3.5.16
Microsoft Windows Any version |
| Recommendation |
Upgrade to the latest version of NetworkActive Web Server (3.5.16 or later), available from the NetworkActiv Web site at http://www.networkactiv.com/WebServer.html |
| Related URL |
CVE-2006-0815 (CVE) |
| Related URL |
16895 (SecurityFocus) |
| Related URL |
24979 (ISS) |
|
