Key Focus KF Web Server 1.0.2 - Directory Contents Disclosure
| EKU-ID: 27102 | CVE: CVE-2002-1031;OSVDB-5026 | OSVDB-ID: |
| Author: Securiteinfo.com | Published: 2002-07-08 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 27102 | CVE: CVE-2002-1031;OSVDB-5026 | OSVDB-ID: |
| Author: Securiteinfo.com | Published: 2002-07-08 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/5177/info It has been reported that version 1.0.2 of KF Web Server discloses the contents of directories when a certain character is present in the URL. If a remote attacker appends the "%00" character, it will cause the web server to display the contents of the current directory. http://server_name/subdir/%00 http://server_name/%00