Summary
It was possible to read the content of /EXT.INI (BadBlue configuration file) by sending an invalid GET request. A cracker may exploit this vulnerability to steal the passwords.
Solution
Upgrade your software or protect it with a filtering reverse proxy.
Severity
Classification
- CVE: CVE-2002-1021
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Authentication bypassing in Lotus Domino
- Home Web Server Graphical User Interface Remote Denial Of Service Vulnerability
- Cherokee URI Directory Traversal Vulnerability and Information Disclosure Vulnerability
- Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
- Apache Tomcat Hash Collision Denial Of Service Vulnerability