A module in Roxen 2.0 before 2.0.92, and 2.1 before 2.1.264, does not properly decode UTF-8, Mac and ISO-2202 encoded URLs, which could allow a remote attacker to execute arbitrary commands or view arbitrary files via an encoded URL.
Max CVSS
7.5
EPSS Score
1.14%
Published
2001-08-02
Updated
2017-10-10
Roxen web server earlier than 2.0.69 allows allows remote attackers to bypass access restrictions, list directory contents, and read source code by inserting a null character (%00) to the URL.
Max CVSS
5.0
EPSS Score
1.09%
Published
2000-07-21
Updated
2017-10-10
Vulnerability in htmlparse.pike in Roxen Web Server 1.3.11 and earlier, possibly related to recursive parsing and referer tags in RXML.
Max CVSS
5.0
EPSS Score
0.56%
Published
1999-10-07
Updated
2016-10-18
3 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!