Описание
MyServer 0.8.9 and earlier does not properly handle uppercase characters in filename extensions, which allows remote attackers to obtain sensitive information (script source code) via a modified extension, as demonstrated by post.mscgI.
MyServer 0.8.9 and earlier does not properly handle uppercase characters in filename extensions, which allows remote attackers to obtain sensitive information (script source code) via a modified extension, as demonstrated by post.mscgI.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2007-3365
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34977
- http://osvdb.org/37505
- http://secunia.com/advisories/25754
- http://securityreason.com/securityalert/2827
- http://www.securityfocus.com/archive/1/471914/100/0/threaded
- http://www.securityfocus.com/bid/24571
Связанные уязвимости
CVSS3: 7.5
nvd
больше 18 лет назад
MyServer 0.8.9 and earlier does not properly handle uppercase characters in filename extensions, which allows remote attackers to obtain sensitive information (script source code) via a modified extension, as demonstrated by post.mscgI.