Roxen WebServer 2.0.x - %00 Request File/Directory Disclosure Vulnerability

ID EDB-ID:20104
Type exploitdb
Reporter zorgon
Modified 2000-07-21T00:00:00


Roxen WebServer 2.0 .X %00 Request File/Directory Disclosure Vulnerability. CVE-2000-0671. Remote exploits for multiple platform


If a request containing the null character (%00) is made to the Roxen Web Server, the server will return directory contents, and the source of unparsed scripts and html pages.

For example, a request to

Will return the contents of the server's document root directory.

Versions of Roxen WebServer 2.0 prior to 2.0.69 are affected.