PT-2002-3054 · Bannermatic · Bannermatic
Published: 2002-12-31 · Updated: 2016-10-18 · CVE-2002-2342
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Bannermatic versions 1, 2, and 3
Description
The issue allows attackers to obtain sensitive information by directly requesting certain files due to insufficient access control. The files in question include ban.log, ban.bak, ban.dat, and banmat.pwd, which are stored under the web document root.
Recommendations
For versions 1, 2, and 3, consider restricting access to the sensitive files ban.log, ban.bak, ban.dat, and banmat.pwd to prevent direct requests.
As a temporary workaround, restrict access to the web document root where these files are stored until a more permanent solution is available.
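To check whether a site still keeps these files where a direct request can reach them, the following added example (not part of the advisory or of Bannermatic) walks a document root and lists the URL paths of the four file names. The function names and the sample directory layout are assumptions made for illustration.

```python
import os
import tempfile

# File names listed in the advisory; compared case-insensitively because
# some web servers and file systems ignore case in request paths.
SENSITIVE_NAMES = {"ban.log", "ban.bak", "ban.dat", "banmat.pwd"}


def find_exposed_files(docroot):
    """Return the sorted URL paths of Bannermatic data files under docroot."""
    hits = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            if name.lower() in SENSITIVE_NAMES:
                rel = os.path.relpath(os.path.join(dirpath, name), docroot)
                hits.append("/" + rel.replace(os.sep, "/"))
    return sorted(hits)


def demo():
    """Build a constructed document root and audit it."""
    with tempfile.TemporaryDirectory() as root:
        # Constructed layout: the directory names are assumptions.
        layout = ["cgi-bin/bannermatic/ban.log",
                  "cgi-bin/bannermatic/banmat.pwd",
                  "banners/BAN.DAT",
                  "index.html",
                  "banners/ban.log.txt"]
        for rel in layout:
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
        return find_exposed_files(root)


if __name__ == "__main__":
    for url_path in demo():
        print("reachable under document root:", url_path)
```

Any path it reports should be moved outside the document root or covered by a server-side deny rule.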
Fix
Information Disclosure
Weakness Enumeration
Related Identifiers
Affected Products
Bannermatic