NaviCOPA Script Source Disclosure Vulnerability

NaviCOPA Script Source Disclosure Vulnerability
SECUNIA ADVISORY ID: SA37014
VERIFY ADVISORY: http://secunia.com/advisories/37014/
DESCRIPTION: Dr_IDE has discovered a vulnerability in NaviCOPA, which can be exploited by malicious people to disclose potentially sensitive information.
The vulnerability is caused due to an error within the handling of HTTP requests and can be exploited to disclose the source code of certain scripts (e.g. PHP) by appending “%20″ to the URI.
The vulnerability is confirmed in version 3.01.2. Other versions may also be affected.
SOLUTION: Restrict access to trusted users only.
PROVIDED AND/OR DISCOVERED BY: Dr_IDE
ORIGINAL ADVISORY: http://pocoftheday.blogspot.com/2009/10/navicopa-web-server-3012-remote-source.html
———————————————————————-

mobile

Dieser Beitrag wurde am Donnerstag 15. Oktober 2009, 18:20 unter Bugs / Fehlermeldungen verfasst. Sie können alle Antworten auf diesen Beitrag nachverfolgen mit RSS 2.0. Sie können eine Antwort, oder einen Trackback von Ihrer eigenen Seite hinterlassen.

M	D	M	D	F	S	S
« Jul
						1
2	3	4	5	6	7	8
9	10	11	12	13	14	15
16	17	18	19	20	21	22
23	24	25	26	27	28	29
30	31

NaviCOPA Script Source Disclosure Vulnerability

Kalender

Meta