Xerver 4.17 allows remote attackers to (1) obtain source code of scripts via a request with a trailing "." (dot) or (2) list directory contents via a trailing null character.

Threat-Mapped Scoring

Score: 1.8

Priority: P4 - Informational (Low)

• S9 – Sabotage of System/App

EPSS

Score: 0.1387
Percentile: 0.93982

CVSS Scoring

Affected Products

• cpe:2.3:a:xerver:xerver:4.17h:*:*:*:*:*:*:*

← Back to Home