PT-2000-1522 · Sawmill · Sawmill
Publicado
2000-06-26
·
Atualizado
2013-07-30
·
CVE-2000-0588
CVSS v2.0
5.0
Média
| Vetor | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
SawMill version 5.0.21
Description
The issue allows remote attackers to read the first line of arbitrary files by listing the file in the
rfcf parameter. This occurs because SawMill attempts to parse the contents of the specified file as configuration commands.Recommendations
For SawMill version 5.0.21, as a temporary workaround, consider restricting access to the
rfcf parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
Information Disclosure
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Sawmill