header-logo
Suggest Exploit
vendor:
OSU (Ohio State University) HTTP Server
by:
SecurityFocus
4.3
CVSS
MEDIUM
Information Disclosure
200
CWE
Product Name: OSU (Ohio State University) HTTP Server
Affected Version From: 3.10a
Affected Version To: 3.11a
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

OSU (Ohio State University) HTTP Server Information Disclosure Vulnerabilities

OSU (Ohio State University) HTTP server is prone to multiple information-disclosure vulnerabilities. This may allow a malicious user to gain access to sensitive data; information gained may aid in further attacks. Path-Disclosure and File- and Directroy-Disclosure are two of the vulnerabilities. Versions 3.11a and 3.10a are vulnerable; other versions may also be affected.

Mitigation:

Upgrade to the latest version of OSU (Ohio State University) HTTP server.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/20098/info

OSU (Ohio State University) HTTP server is prone to multiple information-disclosure vulnerabilities.

This may allow a malicious user to gain access to sensitive data; information gained may aid in further attacks.

Versions 3.11a and 3.10a are vulnerable; other versions may also be affected.

Path-Disclosure
http://www.example.com/NONEXISTANT

Error: 
File /staff$disk/www_server/home/NONEXISTANT (/NONEXISTANT) could 
not be opened VMS especification: 
staff$disk:[www_server.home]NONEXISTANT index.url present


File- and Directroy-Disclosure
http://www.example.com/a*/

Navigation

Suggest Exploit

Services By CQR