Roxen WebServer 2.0.x - %00 Request File/Directory Disclosure Vulnerability

2000-07-21T00:00:00
ID EDB-ID:20104
Type exploitdb
Reporter zorgon
Modified 2000-07-21T00:00:00

Description

Roxen WebServer 2.0 .X %00 Request File/Directory Disclosure Vulnerability. CVE-2000-0671. Remote exploits for multiple platform

                                        
                                            source: http://www.securityfocus.com/bid/1510/info

If a request containing the null character (%00) is made to the Roxen Web Server, the server will return directory contents, and the source of unparsed scripts and html pages.

For example, a request to
http://www.server.com/%00

Will return the contents of the server's document root directory.

Versions of Roxen WebServer 2.0 prior to 2.0.69 are affected.