Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-1598

Overview

Vulnerability Score 7.8 7.8
CVE Id CVE-2006-1598
Last Modified 07 Mar 2011 09:33:24
Published 03 Apr 2006 01:04:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-1598

Summary

AN HTTPD 1.42n, and possibly other versions before 1.42p, allows remote attackers to obtain source code of scripts via crafted requests with (1) dot and (2) space characters in the file extension.

Vulnerable Systems

Application

  • An-httpd 1.2b

  • An-httpd 1.38

  • An-httpd 1.39

  • An-httpd 1.40

  • An-httpd 1.41

  • An-httpd 1.41b

  • An-httpd 1.41c

  • An-httpd 1.42n


References

BID - 17350

SECUNIA - 19326

VUPEN - ADV-2006-1200

BUGTRAQ - 20060403 Secunia Research: AN HTTPD Script Source Disclosure Vulnerability

MISC - http://secunia.com/secunia_research/2006-21/advisory

XF - anhttpd-script-source-disclosure(25591)

OSVDB - 24323

SECTRACK - 1015858


Last Updated: 27 May 2016 10:42:08