PT-2006-6563 · Remlab · Remlab Web Mech Designer

Jesper Jurcenoks

Publicado

2006-11-27

Atualizado

2018-10-17

CVE-2006-5896

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions REMLAB Web Mech Designer version 2.0.5

Description The issue allows remote attackers to obtain the full path of the script by providing an incorrect Tonnage parameter to the "calculate.php" endpoint, triggering a divide-by-zero error. This error leaks the path in an error message.

Recommendations For version 2.0.5, as a temporary workaround, consider restricting access to the "calculate.php" endpoint until a patch is available. Avoid using the Tonnage parameter in a way that could trigger a divide-by-zero error until the issue is resolved.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2006-5896

Produtos afetados

Remlab Web Mech Designer

PT-2006-6563 · Remlab · Remlab Web Mech Designer

CVE-2006-5896

Identificadores relacionados

Produtos afetados

Referências · 7