• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Apache 2 WebDAV CGI POST Request Information Disclosure Vulnerability

An information disclosure vulnerability has been for Apache. The vulnerability occurs due to inadequate checks being performed on CGI scripts. This vulnerability exists only when both WebDAV and CGI are enabled for folders.

An attacker can exploit this vulnerability by making a POST request to a CGI script. Due to improper interaction between WebDAV and CGI scripts, this will result in the Web server returning the contents of the CGI script to the remote attacker.