NetSaro Enterprise Messenger Server Administration Console Source Code Disclosure
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: NetSaro Enterprise Messenger Server Administration Console Source Code Disclosure
- From: robkraus@xxxxxxxxxxxxxx
- Date: Mon, 22 Aug 2011 16:47:07 GMT
Vulnerability title: NetSaro Enterprise Messenger Server Administration Console Null Byte Request Source Code Disclosure
CVSS Risk Rating: 5 (Medium)
Product: NetSaro Enterprise Messenger Server
Application Vendor: SEM Software
Vendor URL: http://www.netsaro.com/
Public disclosure date: 8/22/2011
Discovered by: Rob Kraus and Solutionary Engineering Research Team (SERT)
Solutionary ID: SERT-VDN-1012
Solutionary public disclosure URL:
http://www.solutionary.com/index/SERT/Vuln-Disclosures/NetSaro-Enterprise-Messenger-Source-Code.html
Vulnerability Description: A vulnerability exists in the NetSaro Enterprise
Messenger Server Administration Console allowing a remote attacker to obtain
unauthenticated access to the application's source code. Attackers may make HTTP
GET requests and append a Null Byte to allow download of the source code for
the application's web pages. An attacker does not need to authenticate to obtain
access to the source code of pages that usually require authentication prior to
viewing. More information about this class of vulnerability can be obtained by
visiting: http://cwe.mitre.org/data/definitions/158.html - Improper
Neutralization of Null Byte or NUL Character (CWE-158)
Affected software versions: NetSaro Enterprise Messenger Server v2.0 (previous
versions may also be vulnerable)
Impact: Attackers may be able to obtain access to the source code of the
application and use information found in the source code to conduct further
attacks against the application.
Fixed in: None Available
Remediation guidelines: Limit access to the application and apply security
patches as they become available.
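As an added defensive example (not part of this advisory and not NetSaro's code), the block below shows the two checks a server or its operators would want for this bug class: a request-path validator that rejects NUL bytes after percent-decoding, so a file API that truncates at NUL can never be handed a string that differs from what the extension check saw, and a scan over access-log lines that flags requests carrying an encoded NUL. The allowed-extension list and the log lines are constructed for illustration.

```python
"""NUL-byte request handling: reject at the edge, detect in logs (added example)."""
import os
import re
from urllib.parse import unquote_to_bytes

# Hypothetical allowlist of extensions a static handler may serve verbatim.
ALLOWED_EXTENSIONS = {b".html", b".css", b".js", b".png"}

# Encoded NUL forms worth flagging in a request line: %00, double-encoded %2500, raw NUL.
NUL_PATTERN = re.compile(r"%00|%2500|\x00", re.IGNORECASE)
REQUEST_LINE = re.compile(r'"(?:GET|POST|HEAD) (\S+)')


def is_safe_request_path(raw_path: str) -> bool:
    """Return True only if the fully decoded path has no NUL byte, no '..'
    segment, and ends in an allowlisted extension.

    Decoding twice catches the double-encoded form (%2500 -> %00 -> \\x00),
    so the extension that is checked is the extension the OS would open."""
    decoded = unquote_to_bytes(unquote_to_bytes(raw_path))
    if b"\x00" in decoded:
        return False
    if b".." in decoded.split(b"/"):
        return False
    ext = os.path.splitext(decoded)[1].lower()
    return ext in ALLOWED_EXTENSIONS


def find_nul_requests(log_lines):
    """Return the request targets from Combined-format access-log lines
    that contain an encoded or raw NUL byte."""
    hits = []
    for line in log_lines:
        match = REQUEST_LINE.search(line)
        if match and NUL_PATTERN.search(match.group(1)):
            hits.append(match.group(1))
    return hits


# Constructed sample log lines: one clean request, two carrying a NUL byte.
SAMPLE_LOG = [
    '192.0.2.10 - - [22/Aug/2011:16:47:07 +0000] "GET /admin/index.html HTTP/1.1" 200 512',
    '192.0.2.10 - - [22/Aug/2011:16:47:09 +0000] "GET /admin/index.html%00 HTTP/1.1" 200 2048',
    '192.0.2.11 - - [22/Aug/2011:16:48:00 +0000] "GET /admin/login.html%2500 HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    print(find_nul_requests(SAMPLE_LOG))
```

Until a vendor patch exists, the validator belongs in front of the console (a reverse proxy or WAF rule rejecting NUL in the decoded path) and the log scan in whatever reviews the console's access logs.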