Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-2008

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2005-2008
Last Modified 05 Sep 2008 04:50:38
Published 17 Jun 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-2008

Summary

Yaws Webserver 1.55 and earlier allows remote attackers to obtain the source code for yaws scripts via a request to a yaw script with a trailing %00 (null).

Vulnerable Systems

Application

  • Yaws Webserver 1.50

  • Yaws Webserver 1.51

  • Yaws Webserver 1.52

  • Yaws Webserver 1.53

  • Yaws Webserver 1.54

  • Yaws Webserver 1.55


References

CONFIRM - http://yaws.hyber.org/yaws-1.55_to_1.56.patch

SECUNIA - 15740

BUGTRAQ - 20050617 Source Code Disclosure in Yaws Webserver <1.56

OSVDB - 17375


Last Updated: 27 May 2016 10:40:22