PT-2004-2886 · Aldo · Aldo'S Web Server

Published

2004-03-03

Updated

2017-07-11

CVE-2004-1990

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Aldo's Web Server (aweb) version 1.5

Description The issue allows remote attackers to gain sensitive information via an arbitrary character, which reveals the full path and the user running the aweb process, possibly due to a malformed request.

Recommendations For version 1.5, consider restricting access to sensitive information until a patch is available. As a temporary workaround, review and sanitize all input to prevent malformed requests from being processed.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2004-1990

Affected Products

Aldo'S Web Server

PT-2004-2886 · Aldo · Aldo'S Web Server

CVE-2004-1990

Related Identifiers

Affected Products

References · 7