Roxen WebServer %00 Request File/Directory Disclosure Vulnerability

Solution:
The recommended solution is to use the administration interface to update the server. Apply the 'Fix for "%00" vulnerability'.

A patch is also available for Roxen 2.0.x:
ftp://ftp.roxen.com/pub/roxen/patches/roxen_2.0.50-http.pike.patch

Although 1.3.122 is not affected by this specific vulnerability, Roxen has provided a patch to eliminate any further problems related to this issue:
ftp://ftp.roxen.com/pub/roxen/patches/roxen_1.3.122-http.pike.patch

The appropriate patch should be applied to server/protocols/http.pike. The server must be restarted for the fix to take effect.
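
To check whether a server received "%00" requests before the fix was applied, its access logs can be searched for request targets that decode to a NUL byte. The script below is an added example, not part of the original advisory or of Roxen's code; it assumes logs in Common Log Format, and the sample lines and the function name are constructed for illustration.

```python
import re
from urllib.parse import unquote_to_bytes

# Assumed layout: Common Log Format. Adjust the pattern if the server
# is configured with a different log format.
CLF = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<req>[^"]*)" (?P<status>\d{3}) \S+'
)

def find_nul_requests(lines):
    """Return (host, timestamp, target, status) for every logged request
    whose target contains a NUL byte after percent-decoding."""
    hits = []
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # not a CLF line; skip rather than guess
        parts = m.group("req").split(" ")
        if len(parts) < 2:
            continue  # malformed request line, no target to inspect
        target = parts[1]
        # Decode the escapes once and look for byte 0x00 in the result.
        if b"\x00" in unquote_to_bytes(target):
            hits.append((m.group("host"), m.group("ts"),
                         target, int(m.group("status"))))
    return hits

# Constructed sample lines (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2001:10:00:00 +0000] "GET /index.html HTTP/1.0" 200 1043',
    '192.0.2.77 - - [01/Jan/2001:10:00:05 +0000] "GET /docs/%00 HTTP/1.0" 200 512',
    '192.0.2.77 - - [01/Jan/2001:10:00:09 +0000] "GET /report%2000.pdf HTTP/1.0" 200 88',
    '192.0.2.12 - - [01/Jan/2001:10:01:00 +0000] "GET /sale/100%25off.html HTTP/1.0" 404 0',
]

if __name__ == "__main__":
    for host, ts, target, status in find_nul_requests(SAMPLE_LOG):
        # A 2xx status on a pre-patch server means the request was served
        # and the response should be reviewed.
        print(f"{ts} {host} {target} -> {status}")
```

A hit with a 2xx status dated before the patch and restart is the case to review first, since the server answered the request rather than rejecting it.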


Roxen WebServer 2.0 .X


 

Copyright 2010, SecurityFocus