Summary
Mongoose is prone to a remote file-disclosure vulnerability because it fails to properly sanitize user-supplied input.
An attacker can exploit this vulnerability to view the source code of files in the context of the server process, which may aid in further attacks.
This issue affects Mongoose 2.8
other versions may be
vulnerable as well.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2009-4535 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- IBM WebSphere Application Server (WAS) Security Bypass Vulnerability - March 2011
- jHTTPd Directory Traversal Vulnerability
- Apache UserDir Sensitive Information Disclosure
- IBM Rational Quality Manager and Rational Test Lab Manager Tomcat Default Account Vulnerability
- IBM WebSphere Application Server (WAS) XSS and CSRF Vulnerabilities