Vulnerability Assessment & Network Security Forums



If a vulnerability assessment detects the network security issue described below, applying the appropriate security patches in a timely manner is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.




Vulnerability Assessment Details

RaidenHTTPD Script Source Disclosure Vulnerability

Vulnerability Assessment Summary
Checks version of RaidenHTTPD

Detailed Explanation for this Vulnerability Assessment

Summary :

The remote web server suffers from an information disclosure flaw.

Description :

The remote host is running RaidenHTTPD, a web server for Windows.

According to its banner, the version of RaidenHTTPD installed on the
remote Windows host fails to properly validate filename extensions in
URLs. A remote attacker may be able to leverage this issue to
disclose the source of scripts hosted by the affected application
using specially-crafted requests with dot, space, and slash
characters.

See also :

http://secunia.com/secunia_research/2006-15/advisory/
http://forum.raidenftpd.com/showflat.php?Cat=&Board=httpd&Number=47234

Solution :

Upgrade to RaidenHTTPD version 1.1.48 or later.
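
The check above relies on the server banner and the fixed version 1.1.48. The following is an added example, not the original Tenable script, showing how a defender could triage collected Server banners against that threshold. The banner format "RaidenHTTPD/<version>", the host names and the sample banners are assumptions constructed for illustration.

```python
import re

FIXED = (1, 1, 48)  # first fixed release, per the Solution above

# Assumption: the banner carries "RaidenHTTPD/<dotted version>"; the exact
# format is not given on this page.
BANNER_RE = re.compile(r"RaidenHTTPD/(\d+(?:\.\d+)*)", re.IGNORECASE)

def parse_version(banner):
    """Return the version as a tuple of ints, or None if absent."""
    m = BANNER_RE.search(banner or "")
    if not m:
        return None
    return tuple(int(part) for part in m.group(1).split("."))

def assess(banner):
    """Classify one banner: vulnerable, fixed, unknown or not-applicable."""
    version = parse_version(banner)
    if version is None:
        # Product named without a version: needs manual follow-up.
        if banner and "raidenhttpd" in banner.lower():
            return "unknown"
        return "not-applicable"
    # Pad so that "1.2" compares as (1, 2, 0) against (1, 1, 48).
    width = max(len(version), len(FIXED))
    padded = version + (0,) * (width - len(version))
    fixed = FIXED + (0,) * (width - len(FIXED))
    # Numeric comparison: 1.1.9 is older than 1.1.48, unlike a string compare.
    return "vulnerable" if padded < fixed else "fixed"

def triage(inventory):
    """Map host -> status for a {host: banner} inventory."""
    return {host: assess(banner) for host, banner in inventory.items()}

# Constructed sample inventory (hosts and banners are illustrative only).
SAMPLE = {
    "web01.example.test": "RaidenHTTPD/1.1.47 (Shareware)",
    "web02.example.test": "RaidenHTTPD/1.1.48",
    "web03.example.test": "RaidenHTTPD/1.1.9",
    "web04.example.test": "RaidenHTTPD",
    "web05.example.test": "Apache/2.4.58",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE).items()):
        print(f"{host}\t{status}")
```

A banner can be suppressed or altered, so an "unknown" or "not-applicable" result does not confirm that a host is unaffected.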

Network Security Threat Level:

Low / CVSS Base Score : 2.3
(AV:R/AC:L/Au:NR/C:P/I:N/A:N/B:N)

Networks Security ID: 16934

Vulnerability Assessment Copyright: This script is Copyright (C) 2006 Tenable Network Security
