Managed Workplace Service Center About/SC_About.htm 信息泄露露漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1114516 漏洞类型 信息泄露
发布时间 2008-02-08 更新时间 2008-09-08
CVE编号 CVE-2008-0636 CNNVD-ID CNNVD-200802-238
漏洞平台 PHP CVSS评分 5.0
|漏洞来源
https://www.exploit-db.com/exploits/31129
https://www.securityfocus.com/bid/27702
https://cxsecurity.com/issue/WLB-2008020061
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200802-238
|漏洞详情
LevelPlatformsInc.(LPI)ManagedWorkplaceServiceCenter4.x,5.x和6.x版本允许远程攻击者借助一个对About/SC_About.htm的直接请求获取敏感信息。该请求会提供版本和补丁信息。
|漏洞EXP
source: http://www.securityfocus.com/bid/27702/info

Managed Workplace Service Center is prone to an information-disclosure vulnerability because the application fails to protect private information.

Attackers may exploit this issue to retrieve sensitive information that may aid in further attacks.

http://www.example.com/About/SC_About.htm
|受影响的产品
Level Platforms Managed Workplace Service Center 6.x Level Platforms Managed Workplace Service Center 5.x Level Platforms Managed Workplace Service Center 4.x
|参考资料

来源:BID
名称:27702
链接:http://www.securityfocus.com/bid/27702
来源:BUGTRAQ
名称:20080908Re:Re:SECURITYADVISORY-LevelPlatforms,Inc.ServiceCenterInstallDataHTTPVulnerability
链接:http://www.securityfocus.com/archive/1/archive/1/496074/100/0/threaded
来源:BUGTRAQ
名称:20080208SECURITYADVISORY-LevelPlatforms,Inc.ServiceCenterInstallDataHTTPVulnerability
链接:http://www.securityfocus.com/archive/1/archive/1/487811/100/0/threaded
来源:BUGTRAQ
名称:20080214Re:SECURITYADVISORY-LevelPlatforms,Inc.ServiceCenterInstallDataHTTPVulnerability
链接:http://www.securityfocus.com/archive/1/archive/1/488201/100/0/threaded
来源:SREASON
名称:3659
链接:http://securityreason.com/securityalert/3659