AN HTTPD Crafted Filename Request Script Source Disclosure
Remote / Network Access
Loss of Confidentiality
AN HTTPD contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker adds additional characters to a request's filename, which will disclose the software's installation path resulting in a loss of confidentiality.
Upgrade to version 1.42p or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.