Roxen WebServer %00 Request File/Directory Disclosure Vulnerability

The recommended solution is to use the administration interface to update the server. Apply the 'Fix for "%00" vulnerability'.

A patch is also available for Roxen 2.0.x:

Although 1.3.122 is not affected by this specific vulnerability, Roxen has provided a patch to eliminate any further problems related to this issue:

The appropriate patch should be applied to server/protocols/http.pike. The server must be restarted for the fix to take effect.

Roxen WebServer 2.0.X
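
To check whether the server received such requests before the fix was applied, the access log can be scanned for request targets that decode to a NUL byte. This is an added example, not part of the original advisory or of Roxen's code; it assumes Common Log Format, and the function names, the decode-round limit and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote_to_bytes

# Client address and request line of a Common Log Format entry (assumed format).
REQUEST_RE = re.compile(
    r'^(?P<client>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+)(?: HTTP/[\d.]+)?"'
)
MAX_DECODE_ROUNDS = 3  # assumption: covers %00 and nested forms such as %2500


def contains_encoded_nul(target: str) -> bool:
    """Return True if the request target decodes to a NUL byte."""
    data = target.encode("latin-1", "replace")
    for _ in range(MAX_DECODE_ROUNDS):
        if b"\x00" in data:
            return True
        decoded = unquote_to_bytes(data)
        if decoded == data:  # nothing left to decode
            break
        data = decoded
    return b"\x00" in data


def find_nul_requests(log_lines):
    """Return (client, raw_target) for every entry whose target hides a NUL."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.match(line)
        if m and contains_encoded_nul(m.group("target")):
            hits.append((m.group("client"), m.group("target")))
    return hits


# Constructed sample entries (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2000:10:00:00 +0000] "GET /index.html HTTP/1.0" 200 1043',
    '198.51.100.7 - - [01/Jan/2000:10:00:05 +0000] "GET /%00 HTTP/1.0" 200 512',
    '198.51.100.7 - - [01/Jan/2000:10:00:09 +0000] "GET /docs/%2500 HTTP/1.0" 404 0',
    '192.0.2.10 - - [01/Jan/2000:10:01:00 +0000] "GET /search?q=100%25 HTTP/1.0" 200 77',
]

if __name__ == "__main__":
    for client, target in find_nul_requests(SAMPLE_LOG):
        print(f"{client} requested {target}")
```

Entries it reports are candidates for review alongside the response size and status recorded for the same request.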


Copyright 2010, SecurityFocus