[Japanese]

JVNDB-2007-000647

Fuktommy.com httpd.pl included in its HTML preprocessor vulnerable in allowing an attacker to view arbitrary CGI source code

Overview

Fuktommy.com httpd.pl included in its HTML preprocessor contains a vulnerability which may allow an attacker to view arbitrary CGI source code.

Fuktommy.com httpd.pl included in its HTML preprocessor is an open source web server. It contains a vulnerability which may allow an attacker to view CGI source code in the server as it does not properly handle a specially crafted HTTP request.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 5.0 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: None
  • Availability Impact: None
Affected Products


Fuktommy.com
  • httpd.p‚Œ 0.1 beta10 and earlier

Impact

An attacker may be able to view CGI source code that is not intended to be released to the public. Depending on the source code contents, an attacker may be able to get file configuration or account information in the server.
Solution

[Update the Software]

Apply the latest updates provided by the developer.

For more information, refer to the developer's website.
Vendor Information

Fuktommy.com
CWE (What is CWE?)

CVE (What is CVE?)

References

  1. JVN : JVN#75899905
Revision History

  • [2008/05/21]
      Web page published