Wiser SIP Server Information Disclosure Vulnerability Network Vulnerability

Summary

This host is installed with Wiser SIP Server and is prone to information disclosure vulnerability.

Impact

Successful exploitation will allow remote attackers to gain sensitive information without prior authentication. Impact Level: Application

Solution

No solution or patch is available as of 20th February, 2015. Information regarding this issue will be updated once the solution details are available. For Updates refer to http://www.develsistemas.com.br

Insight

Wiser contains a flaw that allow a remote attacker to gain access to backup information by sending a direct request for the /voip/sipserver/class/baixarBackup.php script.

Affected

Wiser SIP Server version 2.10

Detection

Send the crafted HTTP GET request and check is it possible to read the backup information.

References

http://packetstormsecurity.com/files/126700/
http://www.osvdb.org/107116

Updated on 2015-03-25

Severity

Classification

CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Apache Tomcat cal2.jsp Cross Site Scripting Vulnerability
appRain CMF 'uploadify.php' Remote Arbitrary File Upload Vulnerability
AjaXplorer Remote Command Injection and Local File Disclosure Vulnerabilities
AMSI 'file' Parameter Directory Traversal Vulnerability
@Mail 'admin.php' Cross-Site Scripting Vulnerabilities

Take action and discover your vulnerabilities