
bozotic HTTP server Information Disclosure Vulnerability CVE-2010-2320

Severity: Not available
CVSSv3 Score: Not available

Vulnerability description

bozotic HTTP server is prone to an information disclosure vulnerability.

Risk description

The server does not properly handle requests to a user's public_html folder when the folder does not exist. This can be exploited to determine the existence of user accounts via multiple requests for URIs beginning with /~ sequences. Successful exploitation will allow an attacker to determine the existence of a user and potentially disclose the user's files.

Recommendation

Upgrade to bozotic HTTP server version 20100621 or later.

Codename: Not available
Detectable with: Network Scanner
Scan engine: OpenVAS
Exploitable with Sniper: No
CVE Published: Aug 2, 2010
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available