Bozotic HTTP Server Information Disclosure Vulnerability Network Vulnerability

Summary

This host is running bozotic HTTP server and is prone to information disclosure vulnerability.

Impact

Successful exploitation will allow attacker to determine the existence of a user and potentially disclose the user's files. Impact Level: Application

Solution

Upgrade to bozotic HTTP server version 20100621 or later, For updates refer to http://www.eterna.com.au/bozohttpd/

Insight

The server is not properly handling requests to a user's public_html folder while the folder does not exist. This can be exploited to determine the existence of user accounts via multiple requests for URIs beginning with /~ sequences.

Affected

bozotic HTTP server (aka bozohttpd) versions before 20100621.

References

http://secunia.com/advisories/40737
http://security-tracker.debian.org/tracker/CVE-2010-2320
http://www.eterna.com.au/bozohttpd/CHANGES

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-2320
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Cherokee Web Server Malformed Packet Remote Denial of Service Vulnerability
IBM WebSphere Application Server Hash Collisions DOS Vulnerability
Apache Traffic Server HTTP TRACE Request Remote DoS Vulnerability
CERN HTTPD access control bypass
Apache HTTP Server Scoreboard Security Bypass Vulnerability (Windows)

bozotic HTTP server Information Disclosure Vulnerability

Take action and discover your vulnerabilities