Abyss Web Server Malicious HTTP Request Information Disclosure Vulnerability

info
discussion
exploit
solution
references

Abyss Web Server Malicious HTTP Request Information Disclosure Vulnerability

Reportedly, it is possible for attackers to obtain the contents of files by appending a special character to HTTP requests to Abyss Web Server. Appending the character '+' may disclose the contents of files which would normally act as CGI scripts. In particular, this has been reported with '.chl' files used for remote administration of the system.