• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Roxen WebServer %00 Request File/Directory Disclosure Vulnerability

Solution:
The recommended solution is to use the administration interface to update the server. Apply the 'Fix for "%00" vulnerability'.

A patch is also available for Roxen 2.0.x:
ftp://ftp.roxen.com/pub/roxen/patches/roxen_2.0.50-http.pike.patch

Although 1.3.122 is not affected by this specific vulnerability, Roxen has provided a patch to eliminiate any further problems related to this issue:
ftp://ftp.roxen.com/pub/roxen/patches/roxen_1.3.122-http.pike.patch

The appropriate patch should be applied to server/protocols/http.pike. The server must be restarted for the fix to take effect.


Roxen WebServer 2.0 .X

• Roxen Roxen WebServer 2.0.X http.pike patch
  This patch can be applied as an alternative to using the administration interface and Roxen Update Server.
  ftp://ftp.roxen.com/pub/roxen/patches/roxen_2.0.50-http.pike.patch