Xeneo Web Server Crafted Request Script Source Disclosure
Remote / Network Access
Loss of Confidentiality
Xeneo Web Server contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered due to a validation error of the filename extension supplied by the user in the URL, which will disclose the source code of script files (e.g. ASP, PHP) from the server via specially crafted requests containing dot, space and slash characters resulting in a loss of confidentiality.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.