Test ID:	1.3.6.1.4.1.25623.1.0.800412
Category:	Web Servers
Title:	Mongoose Web Server <= 2.8 Source Code Disclosure Vulnerability
Summary:	Mongoose Web Server is prone to a source code disclosure; vulnerability.
Description:	Summary: Mongoose Web Server is prone to a source code disclosure vulnerability. Vulnerability Insight: The issue is due to an error within the handling of HTTP requests and can be exploited to disclose the source code of certain scripts (e.g. PHP) by appending '::$DATA' or '/' to a URI. Vulnerability Impact: Successful exploitation will allow remote attackers to display the source code of arbitrary files instead of an expected HTML response. Affected Software/OS: Mongoose Web Server version 2.8 and prior on Windows. Solution: No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-4530 http://packetstormsecurity.org/0910-exploits/mongoose-disclose.txt http://secunia.com/advisories/36934 Common Vulnerability Exposure (CVE) ID: CVE-2009-4535 http://freetexthost.com/0lcsrgt3vw http://pocoftheday.blogspot.com/2009/10/mongoose-web-server-v280-remote-source_22.html
Copyright	Copyright (C) 2010 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.