source: http://www.securityfocus.com/bid/1510/info
If a request containing the null character (%00) is made to the Roxen Web Server, the server will return directory contents, and the source of unparsed scripts and html pages.
For example, a request to
http://www.server.com/%00
Will return the contents of the server's document root directory.
Versions of Roxen WebServer 2.0 prior to 2.0.69 are affected.
{"published": "2000-07-21T00:00:00", "id": "EDB-ID:20104", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "history": [], "enchantments": {"vulnersScore": 5.0}, "hash": "fab727b636e614bac3bbf074eb896ea6b68e13cb0713b16ec9fed880beeb2a71", "description": "Roxen WebServer 2.0 .X %00 Request File/Directory Disclosure Vulnerability. CVE-2000-0671. Remote exploits for multiple platform", "type": "exploitdb", "href": "https://www.exploit-db.com/exploits/20104/", "lastseen": "2016-02-02T13:29:24", "edition": 1, "title": "Roxen WebServer 2.0.x - %00 Request File/Directory Disclosure Vulnerability", "osvdbidlist": ["378"], "modified": "2000-07-21T00:00:00", "bulletinFamily": "exploit", "viewCount": 2, "cvelist": ["CVE-2000-0671"], "sourceHref": "https://www.exploit-db.com/download/20104/", "references": [], "reporter": "zorgon", "sourceData": "source: http://www.securityfocus.com/bid/1510/info\r\n\r\nIf a request containing the null character (%00) is made to the Roxen Web Server, the server will return directory contents, and the source of unparsed scripts and html pages.\r\n\r\nFor example, a request to\r\nhttp://www.server.com/%00\r\n\r\nWill return the contents of the server's document root directory.\r\n\r\nVersions of Roxen WebServer 2.0 prior to 2.0.69 are affected. \r\n\r\n", "objectVersion": "1.0"}
{"result": {"cve": [{"id": "CVE-2000-0671", "type": "cve", "title": "CVE-2000-0671", "description": "Roxen web server earlier than 2.0.69 allows allows remote attackers to bypass access restrictions, list directory contents, and read source code by inserting a null character (%00) to the URL.", "published": "2000-07-21T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2000-0671", "cvelist": ["CVE-2000-0671"], "lastseen": "2017-10-10T10:34:37"}], "nessus": [{"id": "ROXEN_PERCENT.NASL", "type": "nessus", "title": "Roxen Web Server /%00/ Encoded Request Forced Directory Listing", "description": "The version of Roxen Web Server running on the remote host is affected by an information disclosure vulnerability. An unauthenticated, remote attacker can exploit this, by using a crafted URL request with '/%00/' appended to the URI, to display a listing of a remote directory, which may contain sensitive files.", "published": "2000-07-22T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=10479", "cvelist": ["CVE-2000-0671"], "lastseen": "2017-10-29T13:40:09"}], "osvdb": [{"id": "OSVDB:378", "type": "osvdb", "title": "Roxen Web Server /%00/ Encoded Request Forced Directory Listing", "description": "# No description provided by the source\n\n## References:\nSnort Signature ID: 1109\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2000-07/0321.html\nISS X-Force ID: 4965\n[CVE-2000-0671](https://vulners.com/cve/CVE-2000-0671)\nBugtraq ID: 1510\n", "published": "2000-07-22T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://vulners.com/osvdb/OSVDB:378", "cvelist": ["CVE-2000-0671"], "lastseen": "2017-04-28T13:19:55"}]}}
