Bugtraq mailing list archives

NetSaro Enterprise Messenger Server Administration Console Source Code Disclosure


From: robkraus () soutionary com
Date: Mon, 22 Aug 2011 16:47:07 GMT

Vulnerability title: NetSaro Enterprise Messenger Server Administration Console Null Byte Request Source Code Disclosure

CVSS Risk Rating: 5 (Medium)

Product: NetSaro Enterprise Messenger Server

Application Vendor: SEM Software

Vendor URL: http://www.netsaro.com/

Public disclosure date: 8/22/2011

Discovered by: Rob Kraus and Solutionary Engineering Research Team (SERT)

Solutionary ID: SERT-VDN-1012

Solutionary public disclosure URL: 
http://www.solutionary.com/index/SERT/Vuln-Disclosures/NetSaro-Enterprise-Messenger-Source-Code.html

Vulnerability Description: A vulnerability exists in the NetSaro Enterprise Messenger Server Administration Console 
allowing a remote attacker to obtain unauthenticated access to the application's source code. Attackers may make HTTP 
GET requests and append a Null Byte to allow download of the source code for the application's web pages. An attacker 
does not need to authenticate to obtain access to source code for pages that usually require authentication prior to 
viewing. More information about this class of vulnerability can be obtained by visiting: 
http://cwe.mitre.org/data/definitions/158.html - Improper Neutralization of Null Byte or NUL Character – CWE-158

Affected software versions: NetSaro Enterprise Messenger Server v2.0 (previous versions may also be vulnerable)

Impact: Attackers may be able to obtain access to the source code of the application and use information found in the 
source code to conduct further attacks against the application.

Fixed in: None Available

Remediation guidelines: Limit access to the application and apply security patches as they become available. 
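As an added illustration of the remediation and detection side of this advisory (this is example code, not NetSaro's or Solutionary's, and the log lines, client addresses and page names in it are constructed, not taken from the product): a server-side guard that rejects any request target carrying a NUL byte before it can reach a file-system lookup, and a log scan that flags such requests, including the double-encoded form.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (not from the advisory): one benign request
# and two carrying a NUL byte, once percent-encoded (%00) and once double-encoded (%2500).
SAMPLE_LOG = """\
10.0.0.5 - - [22/Aug/2011:16:47:07 +0000] "GET /admin/login.asp HTTP/1.1" 200 1432
10.0.0.9 - - [22/Aug/2011:16:47:09 +0000] "GET /admin/login.asp%00 HTTP/1.1" 200 5120
10.0.0.9 - - [22/Aug/2011:16:47:11 +0000] "GET /admin/users.asp%2500 HTTP/1.1" 200 6010
"""

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def contains_null_byte(target: str, max_decode_rounds: int = 3) -> bool:
    """True if the request target carries a NUL byte after percent-decoding.
    Decoding is repeated a bounded number of times so that a double-encoded %2500
    is caught as well as a plain %00; a literal NUL in the raw target is also caught."""
    current = target
    for _ in range(max_decode_rounds):
        if "\x00" in current:
            return True
        decoded = unquote(current)
        if decoded == current:
            break
        current = decoded
    return "\x00" in current


def safe_request_path(target: str) -> str:
    """Server-side guard (hypothetical helper): refuse a request target containing a
    NUL byte before any file lookup, so the web layer and the native file API can never
    disagree about where the requested name ends."""
    if contains_null_byte(target):
        raise ValueError("NUL byte in request target")
    return unquote(target)


def flag_null_byte_requests(log_text: str) -> list:
    """Detection: return (client_ip, target) for every log line whose request target
    contains a NUL byte in any encoding the guard above would reject."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if m and contains_null_byte(m.group("target")):
            hits.append((line.split()[0], m.group("target")))
    return hits
```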
