Published: 08/02/2000 Updated: 03/05/2018

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 505

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Zeus web server allows remote malicious users to view the source code for CGI programs via a null character (%00) at the end of a URL.

Vulnerable Product	Search on Vulmon	Subscribe to Product
zeus technologies zeus web server 3.1.6
zeus technologies zeus web server 3.1.7
zeus technologies zeus web server 3.3.4
zeus technologies zeus web server 3.3.5
zeus technologies zeus web server 3.1.1
zeus technologies zeus web server 3.1.8
zeus technologies zeus web server 3.1.9
zeus technologies zeus web server 3.1.2
zeus technologies zeus web server 3.1.3
zeus technologies zeus web server 3.3
zeus technologies zeus web server 3.3.1
zeus technologies zeus web server 3.1.4
zeus technologies zeus web server 3.1.5
zeus technologies zeus web server 3.3.2
zeus technologies zeus web server 3.3.3

source: wwwsecurityfocuscom/bid/977/info Appending "%00" to the end of a CGI script filename will permit a remote client to view full contents of the script if the CGI module option "allow CGIs anywhere" is enabled Scripts located in directories which are designated as executable (eg \cgi-bin) are not vulnerable to this exploit http : ...

NVD-CWE-Other http://archives.neohapsis.com/archives/bugtraq/2000-02/0057.html http://www.securityfocus.com/bid/977 http://www.osvdb.org/254 https://exchange.xforce.ibmcloud.com/vulnerabilities/3982 https://nvd.nist.gov https://www.exploit-db.com/exploits/19747/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2000-0149

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect