source: http://www.securityfocus.com/bid/38145/info

Mongoose is prone to a remote file-disclosure vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to view the source code of files in the context of the server process, which may aid in further attacks.

This issue affects Mongoose 2.8; other versions may be vulnerable as well.

The following example URI is available:

http://www.example.com/file.php%20%20%20
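
A defender-side check for this request pattern, added here as an example (it is not part of the original advisory or of Mongoose): it scans Common Log Format access-log lines for request paths that decode to a script name followed only by whitespace, as in the URI above. The extension list, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Extensions the server is expected to execute rather than serve (assumed list).
SCRIPT_EXTS = (".php", ".cgi", ".pl")

# Request line inside a Common Log Format entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def has_trailing_space_after_script(target: str) -> bool:
    """True if the decoded path is a script name followed only by whitespace."""
    # Drop the query string first, then percent-decode the path component.
    path = unquote(urlsplit(target).path)
    stripped = path.rstrip(" \t")
    return stripped != path and stripped.lower().endswith(SCRIPT_EXTS)


def suspicious_requests(log_lines):
    """Return (line_number, target) for each request matching the pattern."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if match and has_trailing_space_after_script(match.group("target")):
            hits.append((number, match.group("target")))
    return hits


# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2010:10:00:00 +0000] "GET /file.php HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2010:10:00:05 +0000] "GET /file.php%20%20%20 HTTP/1.1" 200 2048',
    '192.0.2.12 - - [01/Jan/2010:10:00:09 +0000] "GET /docs/read%20me.txt HTTP/1.1" 200 90',
    '192.0.2.13 - - [01/Jan/2010:10:00:12 +0000] "GET /index.PHP%20?x=1 HTTP/1.1" 200 1900',
]

if __name__ == "__main__":
    for number, target in suspicious_requests(SAMPLE_LOG):
        print(f"line {number}: {target}")
```

A hit on a request that returned 200 with a larger body than the normal script response is worth comparing against the script's source size.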