Vulnerabilities > CVE-2006-0949 - Remote Script Disclosure vulnerability in Raidenhttpd 1.1.47
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
RaidenHTTPD 1.1.47 allows remote attackers to obtain source code of script files, including PHP, via crafted requests involving (1) "." (dot), (2) space, and (3) "/" (slash) characters. This vulnerability affects RaidenHTTPD, RaidenHTTPD version 1.1.47 and may affect all previous versions.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Nessus
NASL family | Web Servers |
NASL id | RAIDENHTTPD_SCRIPT_SOURCE_DISCLOSURE.NASL |
description | The remote host is running RaidenHTTPD, a web server for Windows. According to its banner, the version of RaidenHTTPD installed on the remote Windows host fails to properly validate filename extensions in URLs. A remote attacker may be able to leverage this issue to disclose the source of scripts hosted by the affected application using specially crafted requests with dot, space, and slash characters. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 21015 |
published | 2006-03-06 |
reporter | This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/21015 |
title | RaidenHTTPD Crafted Request Script Source Disclosure |