The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to a source code disclosure vulnerability. A remote and unauthenticated attacker can obtain PHP source code by sending an HTTP request with an invalid Content-Length field.
Source code on a web server or repository often contains sensitive information and should generally not be accessible to users.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Next-gen_application_firewall | Sangfor | 8.0.17 (including) | 8.0.17 (including) |