PT-2002-1193 · Cacheflow · Cacheflow Cacheos
Published: 2002-03-25 · Updated: 2016-10-18 · CVE-2002-0107
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
CacheFlow CacheOS versions 4.0.13 and earlier
Description
The web administration interface in CacheFlow CacheOS allows remote attackers to obtain sensitive information via a series of GET requests that do not end with 'HTTP/1.0' or another version string. This causes the information to be leaked in the error message.
Recommendations
For CacheFlow CacheOS versions 4.0.13 and earlier, consider restricting access to the web administration interface until a fix is available. As a temporary workaround, ensure that all GET requests to the interface include a valid HTTP version string to prevent information leakage.
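As an added example (not part of the advisory or any vendor code), the following sketch shows how a defender could flag the request pattern described above in traffic captured in front of the administration interface. It assumes records are available as (client address, raw request line) pairs; the function names, the sample records and the threshold are hypothetical.

```python
import re
from collections import Counter

# Request-Line grammar (RFC 1945): Method SP Request-URI SP HTTP-Version
HTTP_VERSION = re.compile(r"HTTP/\d+\.\d+")

def classify(request_line):
    """Classify one raw request line as 'ok', 'no-version' or 'malformed'."""
    tokens = request_line.strip().split()
    if len(tokens) == 3 and HTTP_VERSION.fullmatch(tokens[2]):
        return "ok"
    if len(tokens) == 2 and tokens[1].startswith("/"):
        # Line stops after the URI: the form the advisory describes
        return "no-version"
    return "malformed"

def suspicious_clients(records, threshold=3):
    """Return {client: count} for clients that sent at least `threshold`
    GET requests lacking a valid version string.
    `threshold` is an assumed tuning value, not taken from the advisory."""
    hits = Counter()
    for client, line in records:
        if line.lstrip().upper().startswith("GET ") and classify(line) != "ok":
            hits[client] += 1
    return {c: n for c, n in hits.items() if n >= threshold}

# Constructed sample records (documentation address ranges, made-up paths)
SAMPLE = [
    ("192.0.2.10", "GET /index.html HTTP/1.0"),
    ("198.51.100.7", "GET /a"),
    ("198.51.100.7", "GET /b"),
    ("198.51.100.7", "GET /c HTTP/"),
    ("192.0.2.10", "GET /status"),
    ("203.0.113.5", "POST /login HTTP/1.1"),
]

if __name__ == "__main__":
    for client, count in suspicious_clients(SAMPLE).items():
        print(f"{client}: {count} GET requests without a valid HTTP version")
```

The same classification can back a filtering rule on a proxy placed in front of the interface, rejecting any request line that is not classified as `ok`.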
Affected Products
Cacheflow Cacheos