Roxen WebServer 2.0 .X %00 Request File/Directory Disclosure Vulnerability

ID SSV:74000
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00


No description provided by source.


If a request containing the null character (%00) is made to the Roxen Web Server, the server will return directory contents, and the source of unparsed scripts and html pages.

For example, a request to

Will return the contents of the server's document root directory.

Versions of Roxen WebServer 2.0 prior to 2.0.69 are affected.