PT-2010-4041 · S2 Security · S2 Security Netbox
Shawn Merdinger · Published 2010-06-25 · Updated 2010-07-13 · CVE-2010-2465
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
S2 Security NetBox versions 2.5, 3.3, 4.0
Description
The issue allows remote attackers to download sensitive information, including node logs, photographs of persons, and backup files, via unspecified HTTP requests due to insufficient access control. This is because sensitive information is stored under the web root.
Recommendations
For versions 2.5, 3.3, and 4.0, restrict access to sensitive information stored under the web root to prevent unauthorized downloads.
As a temporary workaround, consider restricting access to the web root until a proper fix is applied.
Avoid using HTTP requests that could lead to the exposure of sensitive information until the issue is resolved.
Affected products
S2 Security Netbox