Bannermatic 1, 2, and 3 stores the (1) ban.log, (2) ban.bak, (3) ban.dat and (4) banmat.pwd data files under the web document root with insufficient access control, which allows attackers to obtain sensitive information via a direct request for the files.
References
Configurations
Configuration 1 (hide)
|
History
20 Nov 2024, 23:43
Type | Values Removed | Values Added |
---|---|---|
References | () http://marc.info/?l=vuln-dev&m=102121925428844&w=2 - | |
References | () http://www.ifrance.com/kitetoua/tuto/5holes5.txt - | |
References | () http://www.securityfocus.com/bid/4738 - |
Information
Published : 2002-12-31 05:00
Updated : 2024-11-20 23:43
NVD link : CVE-2002-2342
Mitre link : CVE-2002-2342
CVE.ORG link : CVE-2002-2342
JSON object : View
Products Affected
joe_depasquale
- bannermatic
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor