PT-2012-3653 · Atmail · Atmail Open-Source

Sergey Scherbel

Publicado

2012-03-27

Atualizado

2017-12-13

CVE-2012-1920

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions AtMail Open-Source versions 1.04 and earlier

Description The issue allows remote attackers to obtain configuration information by making a direct request to "install/info.php", which calls the phpinfo() function.

Recommendations For AtMail Open-Source versions 1.04 and earlier, consider restricting access to the "install/info.php" file to prevent unauthorized disclosure of configuration information. As a temporary workaround, remove or disable the "install/info.php" file until a patch is available.

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

CVE-2012-1920

Produtos afetados

Atmail Open-Source

PT-2012-3653 · Atmail · Atmail Open-Source

CVE-2012-1920

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6