It was possible to read the content of /EXT.INI (BadBlue configuration file) by sending an invalid GET request. A cracker may exploit this vulnerability to steal the passwords.
upgrade your software or protect it with a filtering reverse proxy
- Authentication bypassing in Lotus Domino
- IBM WebSphere Application Server WS-Security XML Encryption Weakness Vulnerability
- Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
- Apache Tomcat Multiple Vulnerabilities January 2010
- IBM WebSphere Application Server Multiple Vulnerabilities