Test ID:	1.3.6.1.4.1.25623.1.0.10716
Category:	Web Servers
Title:	OmniPro HTTPd <= 2.08 Scripts Source Full Disclosure Vulnerability - Active Check
Summary:	OmniPro HTTPd suffers from a security vulnerability that permits; malicious users to get the full source code of scripting files.
Description:	Summary: OmniPro HTTPd suffers from a security vulnerability that permits malicious users to get the full source code of scripting files. Vulnerability Insight: By appending an ASCII/Unicode space char '%20' at the script suffix, the web server will no longer interpret it and rather send it back clearly as a simple document to the user in the same manner as it usually does to process HTML-like files. The flaw does not work with files located in CGI directories (e.g cgibin, cgi-win) Exploit: GET /test.php%20 HTTP/1.0 Affected Software/OS: OmniPro HTTPd version 2.08 and prior is known to be affected. Solution: No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2001-0778 Bugtraq: 20010525 Remote vulnerabilities in OmniHTTPd (Google Search) http://archives.neohapsis.com/archives/bugtraq/2001-05/0248.html XForce ISS Database: omnihttpd-reveal-source-code(6621) https://exchange.xforce.ibmcloud.com/vulnerabilities/6621
Copyright	Copyright (C) 2001 INTRANODE

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.