TheServer 1.74 web server stores server.ini under the web document root with insufficient access control, which allows remote attackers to obtain cleartext passwords and gain access to server log files.
References
Configurations
History
No history.
Information
Published : 2002-12-31 05:00
Updated : 2024-02-28 10:24
NVD link : CVE-2002-2389
Mitre link : CVE-2002-2389
CVE.ORG link : CVE-2002-2389
JSON object : View
Products Affected
fastlink_software
- the_server
CWE
CWE-255
Credentials Management Errors