PT-2004-3410 · Gattaca · Gattaca Server 2003

Published: 2004-12-31 · Updated: 2017-07-11 · CVE-2004-2518

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Gattaca Server 2003 version 1.1.10.0

Description

The issue allows remote attackers to obtain sensitive information. This can be achieved by either appending a trailing null byte ("%00") to a URL or by providing an invalid LANGUAGE parameter to web.tmpl, which results in an error message that reveals the full installation path.

Recommendations

For Gattaca Server 2003 version 1.1.10.0, consider restricting access to the web.tmpl endpoint until a fix is available. As a temporary workaround, avoid using invalid LANGUAGE parameters to prevent the disclosure of sensitive information. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
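Since no fixed version is known, reviewing access logs for the two triggers named in the description is a practical compensating control. The following is an added example, not part of the original advisory or of the vendor's software: it assumes Common Log Format lines, that LANGUAGE is passed as a query-string parameter, and a hypothetical allowlist of language codes. All log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: language codes this deployment legitimately serves.
ALLOWED_LANGUAGES = {"en", "de", "fr"}

# Pulls the request target out of a Common Log Format request field.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')

def classify(target):
    """Return the reasons a request target matches the advisory's two triggers."""
    reasons = []
    # Inspect the raw target: decoders and proxies may truncate at a null byte.
    if "%00" in target:
        reasons.append("encoded-null-byte")
    parts = urlsplit(target)
    if parts.path.lower().endswith("web.tmpl"):
        query = parse_qs(parts.query, keep_blank_values=True)
        params = {k.upper(): v for k, v in query.items()}
        for value in params.get("LANGUAGE", []):
            if value.lower() not in ALLOWED_LANGUAGES:
                reasons.append("unexpected-language-value")
                break
    return reasons

def scan(lines):
    """Return (line number, client address, reasons) for each flagged line."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if match:
            reasons = classify(match.group("target"))
            if reasons:
                hits.append((number, line.split()[0], reasons))
    return hits

SAMPLE_LOG = [  # constructed lines using documentation address ranges
    '192.0.2.10 - - [31/Dec/2004:10:00:01 +0000] "GET /web.tmpl?LANGUAGE=en HTTP/1.0" 200 5120',
    '198.51.100.7 - - [31/Dec/2004:10:00:05 +0000] "GET /index.html%00 HTTP/1.0" 200 312',
    '198.51.100.7 - - [31/Dec/2004:10:00:09 +0000] "GET /web.tmpl?LANGUAGE=zz HTTP/1.0" 200 298',
    '192.0.2.10 - - [31/Dec/2004:10:00:12 +0000] "GET /images/logo.gif HTTP/1.0" 200 2048',
]

if __name__ == "__main__":
    for number, client, reasons in scan(SAMPLE_LOG):
        print(number, client, ",".join(reasons))
```

A flagged request is worth correlating with the response body size or content, since the disclosure appears in the returned error message.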


Related Identifiers

CVE-2004-2518

Affected Products

Gattaca Server 2003