WebTrends Reporting Center Path Disclosure vulnerability

2007.11.08
Credit: Oliver Karow
Risk: Low
Local: No
Remote: Yes
CVE: CVE-2004-2748
CWE: CWE-200


CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: Partial
Integrity impact: None
Availability impact: None

WebTrends Reporting Center Path Disclosure vulnerability ======================================================== Problem: ======== WebTrends Reporting Center is administrated via a web interface. It seems to be possible to disclose the physical path to the application. This information could be useful to a malicious user wishing to gain illegal access to resources on the server. Vulnerable: =========== WebTrends Reporting Center- Enterprise Edition Version: 6.1a Platform: win32 Built: 7591 Exploiting: =========== http://server:1099/viewreport.pl?profileid=dontexist (see http://www.oliverkarow.de/research/WT.jpg ) Product Description =================== See www.webtrends.com for more information :) Vendor status ============= Vendor was informed on 05/january/2004, and acknowledged the receiption of the message....thats all :( Author: ======= www.oliverkarow.de -- +++ GMX - die erste Adresse fr Mail, Message, More +++ Bis 31.1.: TopMail + Digicam fr nur 29 EUR http://www.gmx.net/topmail


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top