Summary
This host is running NetDecision Traffic Grapher Server and is prone to an information disclosure vulnerability.
Impact
Successful exploitation will allow attackers to gain sensitive information.
Impact Level: Application
Solution
Upgrade to Traffic Grapher Server 4.6.1 or later.
For updates, refer to http://www.netmechanica.com/downloads/
Insight
The flaw is due to improper validation of an HTTP GET request to 'default.nd' that carries an invalid HTTP version number followed by multiple 'CRLF' sequences. The server responds to such a request by disclosing the source code of 'default.nd'.
Affected
NetDecision Traffic Grapher Server version 4.5.1
Severity
Classification
- CVE: CVE-2012-1466
- CVSS Base Score: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N