It was possible to read the content of /EXT.INI (BadBlue configuration file) by sending an invalid GET request. A cracker may exploit this vulnerability to steal the passwords.
upgrade your software or protect it with a filtering reverse proxy
- Acritum Femitter Server 1.03 Multiple Remote Vulnerabilities
- bozotic HTTP server Denial of Service Vulnerability
- IBM WebSphere Application Server Administration Directory Traversal Vulnerability
- IBM HTTP Server Multiple Cross Site Scripting Vulnerabilities
- AOLServer Terminal Escape Sequence in Logs Command Injection Vulnerability