header-logo
Suggest Exploit
vendor:
KF Web Server
by:
SecurityFocus
7.5
CVSS
HIGH
Directory Disclosure
200
CWE
Product Name: KF Web Server
Affected Version From: 1.0.2
Affected Version To: 1.0.2
Patch Exists: YES
Related CWE: N/A
CPE: a:kf_web_server:kf_web_server:1.0.2
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

KF Web Server Directory Disclosure Vulnerability

KF Web Server version 1.0.2 is vulnerable to a directory disclosure vulnerability. If a remote attacker appends the '%00' character to the URL, it will cause the web server to display the contents of the current directory.

Mitigation:

Upgrade to the latest version of KF Web Server
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/5177/info

It has been reported that version 1.0.2 of KF Web Server discloses the contents of directories when a certain character is present in the URL.

If a remote attacker appends the "%00" character, it will cause the web server to display the contents of the current directory.

http://server_name/subdir/%00
http://server_name/%00

Navigation

Suggest Exploit

Services By CQR