DigiLIBE 3.4 and possibly other versions sends a redirect but does not exit, which allows remote attackers to obtain sensitive configuration information via a direct request to configuration/general_configuration.html.
References
Link | Resource |
---|---|
http://archives.neohapsis.com/archives/bugtraq/2013-01/0095.html | Exploit |
Configurations
Information
Published : 2013-02-14 14:55
Updated : 2013-02-14 21:00
NVD link : CVE-2013-1402
Mitre link : CVE-2013-1402
JSON object : View
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
Products Affected
digitiliti
- digilibe