Summary
It was possible to read the content of /EXT.INI
(BadBlue configuration file) by sending an invalid GET request.
A cracker may exploit this vulnerability to steal the passwords.
Solution
upgrade your software or protect it with a filtering reverse proxy
Severity
Classification
-
CVE CVE-2002-1021 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Cherokee URI Directory Traversal Vulnerability and Information Disclosure Vulnerability
- Apache Tomcat Partial HTTP Requests DoS Vulnerability (Windows)
- Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
- Apache Tomcat HTTP NIO Denial Of Service Vulnerability (Windows)
- IBM WebSphere Application Server (WAS) Security Bypass Vulnerability - March 2011