CVE-2006-0815 - Remote Script Disclosure vulnerability in NetworkActiv Web Server 3.5.15
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | NONE |
Availability impact | NONE |
Summary
NetworkActiv Web Server 3.5.15 allows remote attackers to read script source code via a crafted URL with a "/" (forward slash) after the file extension.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Nessus
NASL family | CGI abuses |
NASL id | NETWORKACTIV_SCRIPT_SOURCE_DISCLOSURE.NASL |
description | The remote host is running NetworkActiv Web Server, a freeware web server for Windows. According to its banner, the installed version of NetworkActiv Web Server does not properly validate the extension of filenames before deciding how to serve them. By including a forward-slash character, a remote attacker may be able to leverage this issue to disclose the source of scripts hosted by the affected application. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 21154 |
published | 2006-03-27 |
reporter | This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/21154 |
title | NetworkActiv Web Server Crafted Filename Request Script Source Disclosure |
References
- http://secunia.com/advisories/18947
- http://secunia.com/secunia_research/2006-10/advisory
- http://www.networkactiv.com/WebServer.html
- http://www.securityfocus.com/archive/1/426461/100/0/threaded
- http://www.securityfocus.com/bid/16895
- http://www.vupen.com/english/advisories/2006/0783
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24979