HttpCombiner ASP.NET Remote File Disclosure Vulnerability Network Vulnerability

Summary

This host is running HttpCombiner ASP.NET and is prone to remote file disclosure vulnerability.

Impact

Successful exploitation could allow attackers to gain sensitive information. Impact Level: Application

Solution

No solution or patch is available as of 9th February, 2015. Information regarding this issue will be updated once the solution details are available. For updates refer to http://www.codeproject.com/KB/aspnet/HttpCombine.aspx

Insight

The flaw is due to insufficient permissions to some of the config files, which reveals the sensitive information.

Affected

HttpCombiner version 1.0

Detection

Send a crafted data via HTTP GET request and check whether it is possible to read the sensitive information.

References

http://www.exploit-db.com/exploits/34920

Updated on 2015-03-25

Severity

Classification

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
Annuaire PHP 'sites_inscription.php' Cross Site Scripting Vulnerability
/doc directory browsable ?
An Image Gallery Directory Traversal Vulnerability
Allegro RomPager HTTP Referer Header Cross Site Scripting Vulnerability

Take action and discover your vulnerabilities