Summary
This host is running HttpCombiner ASP.NET
and is prone to remote file disclosure vulnerability.
Impact
Successful exploitation could allow
attackers to gain sensitive information.
Impact Level: Application
Solution
No solution or patch is available as of
9th February, 2015. Information regarding this issue will be updated once the solution details are available. For updates refer to http://www.codeproject.com/KB/aspnet/HttpCombine.aspx
Insight
The flaw is due to insufficient permissions
to some of the config files, which reveals the sensitive information.
Affected
HttpCombiner version 1.0
Detection
Send a crafted data via HTTP GET
request and check whether it is possible to read the sensitive information.
References
Updated on 2015-03-25
Severity
Classification
-
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Apache CouchDB Cross Site Request Forgery Vulnerability
- Adobe Presenter viewer.swf and loadflash.js XSS Vulnerability
- 2532|Gigs Directory Traversal And SQL Injection Multiple Vulnerabilities
- Apache Rave User Information Disclosure Vulnerability
- appRain CMF 'uploadify.php' Remote Arbitrary File Upload Vulnerability