PT-2007-1213 · Unknown · Easy Chat Server

Published

2007-01-16

Updated

2017-07-29

CVE-2006-6933

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Easy Chat Server version 2.1

Description: The issue allows remote attackers to download certain files due to insufficient access control. Sensitive information is stored under the web root, making it accessible via direct requests to files such as ServerKey.pem and AcceptIP.txt.

Recommendations: For Easy Chat Server version 2.1, restrict access to sensitive files such as ServerKey.pem and AcceptIP.txt to prevent unauthorized downloads. Consider relocating these files outside the web root or implementing proper access controls to mitigate the risk.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-6933

Affected Products

Easy Chat Server

PT-2007-1213 · Unknown · Easy Chat Server

CVE-2006-6933

Related Identifiers

Affected Products

References · 3