|
|
|
Vulnerability Note VU#910713Apache discloses source code via POST requests to a location with WebDAV and CGI enabledOverviewThere is an information leakage in Apache that results from an interaction between WebDAV and CGI.I. DescriptionApache version 2.0.42 allows remote attackers to obtain the source code of CGI scripts that are stored in locations for which both CGI and WebDAV are enabled. When a POST request is sent to a CGI script on an affected server, this vulnerability will cause the source code of the script to be returned to the attacker.II. ImpactRemote attackers can obtain the source code of CGI scripts located on affected servers.III. SolutionApply a patch from your vendorThis vulnerability was addressed in Apache version 2.0.43, available at http://httpd.apache.org/download.cgi. For vendor-specific information regarding this issue, please see the Systems Affected section of this document.
References
This document was written by Jeffrey P. Lanza and is based upon information provided by Apache.org.
If you have feedback, comments, or additional information about this vulnerability, please send us
email. |
||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
Get Adobe Reader