Vendor: HTTP Server
By: Dr_IDE
CVSS: 7.5 (HIGH)
Type: Source Disclosure
CWE: 200
Product Name: HTTP Server
Affected Version From: MultiThreaded HTTP Server v1.1
Affected Version To: MultiThreaded HTTP Server v1.1
Patch Exists: NO
Related CWE: N/A
CPE: a:voxel:http_server:1.1
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows 7
2010
MultiThreaded HTTP Server v1.1 Source Disclosure
MultiThreaded HTTP Server v1.1 is a Java-based HTTP server. This is the latest version of the application available. MultiThreaded HTTP Server is vulnerable to remote source disclosure attacks. Attackers can exploit this vulnerability by sending crafted HTTP requests to the server. The requests can take the following forms:
http://[ webserver IP][:port]/[ file ][.]
http://[ webserver IP][:port]/[ file ][::$DATA]
http://[ webserver IP][:port]/[space] (Weird, only works for default index page)
Mitigation:
Ensure that the application is not vulnerable to source disclosure attacks by validating user input and restricting access to sensitive files.
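An added example, not code from MultiThreaded HTTP Server or from the original advisory: one way to apply the input validation described above to the three request forms, written in Java because the server is Java based. On Windows, trailing dots and spaces are dropped from file names and ::$DATA names a file's default NTFS stream, so each form opens the same file as the plain name does. The names RequestPathCheck and resolve, the wwwroot directory and the index.html default page are assumptions.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Optional;

public class RequestPathCheck {
    // Hypothetical helper: map a raw request path to a file under docRoot,
    // or return empty when the name is not in the form the filesystem will use.
    static Optional<Path> resolve(Path docRoot, String rawPath) {
        try {
            // URLDecoder turns '+' into a space, which is wrong for paths: protect it.
            String decoded = URLDecoder.decode(rawPath.replace("+", "%2B"), StandardCharsets.UTF_8);
            if (decoded.indexOf('\0') >= 0 || decoded.indexOf('\\') >= 0) return Optional.empty();
            Path target = docRoot;
            for (String seg : decoded.split("/")) {
                if (seg.isEmpty()) continue;
                // ':' introduces an NTFS stream name such as file::$DATA
                if (seg.indexOf(':') >= 0) return Optional.empty();
                // Win32 drops trailing dots and spaces; this also rejects "." and ".."
                char last = seg.charAt(seg.length() - 1);
                if (last == '.' || last == ' ') return Optional.empty();
                target = target.resolve(seg);
            }
            if (target.equals(docRoot)) target = docRoot.resolve("index.html"); // assumed default page
            // Belt and braces: the result must still be inside the document root.
            return target.normalize().startsWith(docRoot.normalize())
                    ? Optional.of(target) : Optional.empty();
        } catch (IllegalArgumentException e) {
            return Optional.empty(); // bad percent-encoding or a name the platform rejects
        }
    }

    public static void main(String[] args) {
        Path root = Paths.get("wwwroot").toAbsolutePath(); // constructed document root
        // Constructed request paths: two ordinary ones, then the three forms from the advisory.
        String[] samples = {"/", "/index.html", "/index.html.", "/index.html::$DATA", "/%20"};
        for (String s : samples) {
            System.out.println("[" + s + "] -> " + resolve(root, s).map(Path::toString).orElse("rejected"));
        }
    }
}
```

The check runs on the decoded name before any extension or type decision, so the name the server reasons about is the name the filesystem opens.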