Summary
This host is running NetDecision Traffic Grapher Server and is prone to an information disclosure vulnerability.
Impact
Successful exploitation will allow attackers to gain sensitive information.
Impact Level: Application
Solution
Upgrade to Traffic Grapher Server 4.6.1 or later.
For updates, refer to http://www.netmechanica.com/downloads/
Insight
The flaw is due to improper validation of a malicious HTTP GET request to 'default.nd' that carries an invalid HTTP version number followed by multiple 'CRLF' sequences. The server responds to such a request by disclosing the source code of 'default.nd'.
Affected
NetDecision Traffic Grapher Server version 4.5.1
Severity
Classification
- CVE: CVE-2012-1466
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Apple Safari Address Bar Spoofing Vulnerability june-10 (Win)
- Adobe Reader Information Disclosure & Denial of Service Vulnerabilities (Windows)
- aMSN session hijack vulnerability (Windows)
- Apple Safari Multiple Vulnerabilities Dec13 (Mac OS X)
- Apple Safari 'Webkit' Multiple Vulnerabilities -01 Feb15 (Mac OS X)