CVE-2009-3646

Name of the Vulnerable Software and Affected Versions InterVations NaviCOPA Web Server version 3.01

Description The issue allows remote attackers to obtain the source code for a web page via a specially crafted HTTP request. This is achieved by adding ::$DATA after the HTML file name in the request.

Recommendations For InterVations NaviCOPA Web Server version 3.01, consider restricting access to sensitive web pages until a fix is available. As a temporary workaround, avoid using the ::$DATA suffix in HTTP requests to minimize the risk of source code exposure. At the moment, there is no information about a newer version that contains a fix for this issue.