CVE-2007-3365 Information

Description

MyServer 0.8.9 and earlier does not properly handle uppercase characters in filename extensions which allows remote attackers to obtain sensitive information (script source code) via a modified extension as demonstrated by post.mscgI.

Reference

http://osvdb.org/37505 http://secunia.com/advisories/25754 http://securityreason.com/securityalert/2827 http://www.securityfocus.com/archive/1/471914/100/0/threaded http://www.securityfocus.com/bid/24571 https://exchange.xforce.ibmcloud.com/vulnerabilities/34977