PT-2009-1861 · Rapid · Rapid Classified
Cobra_21
·
Published
2009-03-02
·
Updated
2017-09-29
·
CVE-2008-6388
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
Rapid Classified versions 3.1 through 3.15
Description:
The issue allows remote attackers to download the database file due to insufficient access control. Sensitive information is stored under the web root, making it accessible via a direct request to "cldb.mdb".
Recommendations:
For versions 3.1 through 3.15, restrict access to the cldb.mdb file to prevent unauthorized downloads. Consider relocating sensitive information outside of the web root or implementing proper access controls to mitigate the risk of exploitation.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Rapid Classified