PT-2004-2480 · Aj Fork · Aj-Fork
Publicado
2004-12-31
·
Atualizado
2017-07-11
·
CVE-2004-1572
CVSS v2.0
5.0
Média
| Vetor | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
AJ-Fork version 167
Description
The issue allows remote attackers to list files in certain directories, such as
data, inc, plugins, skins, or tools, via a direct HTTP request, because access to these directories is not restricted.Recommendations
For AJ-Fork version 167, restrict access to the directories
data, inc, plugins, skins, and tools to prevent remote attackers from listing files in those directories via a direct HTTP request.Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Aj-Fork