I'm getting the following security hole on a web server: ----------------- PluginID: 11064 BadBlue invalid null byte vulnerability
It was possible to read the content of /EXT.INI (BadBlue configuration file) by sending an invalid GET request. A cracker may exploit this vulnerability to steal the passwords. Solution : upgrade your software or protect it with a filtering reverse proxy Risk factor : Medium CVE : CAN-2002-1021 BID : 5226 ----------------- The thing is that the webserver is already behind a reverse proxy and a load balancer. Does anyone else have an alternative solution to this? -Terje This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the email by you is prohibited.
