Vulnerabilities > CVE-2006-0949 - Remote Script Disclosure vulnerability in Raidenhttpd 1.1.47

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
raidenhttpd
nessus

Summary

RaidenHTTPD 1.1.47 allows remote attackers to obtain source code of script files, including PHP, via crafted requests involving (1) "." (dot), (2) space, and (3) "/" (slash) characters. This vulnerability affects RaidenHTTPD, RaidenHTTPD version 1.1.47 and may affect all previous versions.

Vulnerable Configurations

Part Description Count
Application
Raidenhttpd
1

Nessus

NASL familyWeb Servers
NASL idRAIDENHTTPD_SCRIPT_SOURCE_DISCLOSURE.NASL
descriptionThe remote host is running RaidenHTTPD, a web server for Windows. According to its banner, the version of RaidenHTTPD installed on the remote Windows host fails to properly validate filename extensions in URLs. A remote attacker may be able to leverage this issue to disclose the source of scripts hosted by the affected application using specially crafted requests with dot, space, and slash characters.
last seen2020-06-01
modified2020-06-02
plugin id21015
published2006-03-06
reporterThis script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/21015
titleRaidenHTTPD Crafted Request Script Source Disclosure