Description

This alert was generated using only banner information. It may be a false positive.

It's possible to view the source code of CGI scripts via a POST request made to a directory where WebDAV and CGI are enabled.

Affected Apache versions (up to 2.0.42).

Remediation

Upgrade Apache 2.x to the latest version.

References

BID 6065

Apache homepage

Related Vulnerabilities

Magento Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2020-9689)

WordPress Plugin WooCommerce Dynamic Pricing & Discounts Multiple Vulnerabilities (2.4.1)

Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-29046)

WordPress Plugin Zingiri Web Shop 'uploadfilexd.php' Arbitrary File Upload (2.4.3)

Ruby CVE-2018-16396 Vulnerability (CVE-2018-16396)

Severity

Medium

Classification

CVE-2002-0840 CVE-2002-1156 CWE-538 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Source Code Disclosure Missing Update