Bradford CampusManager v3.1(6) Sensitive Data Disclosure

2007.05.17

Credit: John Martinelli

Risk: Low

Local: No

Remote: Yes

CVE: CVE-2007-2629

CWE: CWE-Other

CVSS Base Score: 7.8/10

Impact Subscore: 6.9/10

Exploitability Subscore: 10/10

Exploit range: Remote

Attack complexity: Low

Authentication: No required

Confidentiality impact: Complete

Integrity impact: None

Availability impact: None

Bradford CampusManager v3.1(6) Sensitive Data Disclosure

The following directories should be protected from world readability. Child folders include backup, log, and configuration files.

http://cmnms.target.com:8080/runTime/
http://cmnms.target.com:8080/remediationReports/

Vulnerable: CampusManager Network Control Application Server v3.1(6) (others should also be affected)

John Martinelli
john (at) martinelli (dot) com [email concealed]
http://john-martinelli.com

May 3rd, 2007

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Bradford CampusManager v3.1(6) Sensitive Data Disclosure

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.