[Original text] eMotion MediaPartner Web Server 5.0 and 5.1 allows remote attackers to obtain sensitive information via an HTTP request for a .bhtml file that contains a (1) . (dot) or (2) + (plus sign) at the end, which returns the source code for that file.
eMotion MediaPartner Web Server BHTML Source Disclosure
Remote / Network Access
Loss of Confidentiality
eMotion MediaPartner Web Server contains a flaw that may lead to unauthorized information disclosure. The issue is triggered when a remote user appends a period character ('.') or a plus-sign character ('+') to an HTTP request for a '.bhtml' file. The server then returns the source code of the requested file instead of its processed output, resulting in a loss of confidentiality.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.
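With no fix available, one practical step is to review web server access logs for the request pattern described above. The following is an added detection example, not part of the original advisory or the vendor's code; it assumes Common Log Format access logs, and it also flags repeated and percent-encoded trailing characters as a conservative choice that the advisory does not itself confirm.

```python
import re
from urllib.parse import unquote, urlsplit

# Request line inside a Common Log Format entry: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# A .bhtml path ending in one or more '.' or '+' characters
SUSPECT_RE = re.compile(r"\.bhtml[.+]+$", re.IGNORECASE)


def is_source_disclosure_probe(target: str) -> bool:
    """True if the request path is a .bhtml file with trailing '.' or '+'."""
    path = urlsplit(target).path  # ignore the query string
    path = unquote(path)          # %2e -> '.', %2b -> '+'; a literal '+' is kept
    return bool(SUSPECT_RE.search(path))


def find_probes(log_lines):
    """Return (client, target) for each log line that matches the pattern."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if m and is_source_disclosure_probe(m.group("target")):
            hits.append((line.split(" ", 1)[0], m.group("target")))
    return hits


# Constructed sample log lines (documentation address ranges, not real traffic)
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /index.bhtml HTTP/1.0" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /index.bhtml. HTTP/1.0" 200 2048',
    '198.51.100.7 - - [01/Jan/2024:10:01:00 +0000] "GET /catalog/view.bhtml+ HTTP/1.0" 200 4096',
    '203.0.113.5 - - [01/Jan/2024:10:02:00 +0000] "GET /index.BHTML%2E?id=3 HTTP/1.1" 200 2048',
    '192.0.2.10 - - [01/Jan/2024:10:03:00 +0000] "GET /search?q=page.bhtml. HTTP/1.0" 200 300',
    '192.0.2.10 - - [01/Jan/2024:10:04:00 +0000] "GET /static/logo.gif HTTP/1.0" 200 900',
]

if __name__ == "__main__":
    for client, target in find_probes(SAMPLE_LOG):
        print(f"possible .bhtml source disclosure request from {client}: {target}")
```

A match with a 200 status means the file's source may have been returned, so any credentials or internal paths embedded in that file should be treated as exposed.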