Summary
This host is installed with Wiser SIP Server and is prone to information disclosure vulnerability.
Impact
Successful exploitation will allow remote attackers to gain sensitive information without prior authentication.
Impact Level: Application
Solution
No solution or patch is available as of 20th February, 2015. Information regarding this issue will be updated once the solution details are available.
For Updates refer to http://www.develsistemas.com.br
Insight
Wiser contains a flaw that allow a remote attacker to gain access to backup information by sending a direct request for the /voip/sipserver/class/baixarBackup.php script.
Affected
Wiser SIP Server version 2.10
Detection
Send the crafted HTTP GET request and check is it possible to read the backup information.
References
Updated on 2015-03-25
Severity
Classification
-
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Apache Tomcat cal2.jsp Cross Site Scripting Vulnerability
- appRain CMF 'uploadify.php' Remote Arbitrary File Upload Vulnerability
- AjaXplorer Remote Command Injection and Local File Disclosure Vulnerabilities
- AMSI 'file' Parameter Directory Traversal Vulnerability
- @Mail 'admin.php' Cross-Site Scripting Vulnerabilities