PT-2010-1652 · Toutvirtual+1 · Toutvirtual Virtualiq Pro+1

Published

2010-05-07

Updated

2018-10-10

CVE-2009-4844

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions ToutVirtual VirtualIQ Pro version 3.2 build 7882

Description The issue allows remote attackers to obtain sensitive Tomcat information by making a direct request to the "/status" URI on port 9080, due to a lack of access restriction.

Recommendations For ToutVirtual VirtualIQ Pro version 3.2 build 7882, restrict access to the /status URI on port 9080 to prevent unauthorized disclosure of sensitive Tomcat information.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2009-4844

Affected Products

Apache Tomcat

Toutvirtual Virtualiq Pro

PT-2010-1652 · Toutvirtual+1 · Toutvirtual Virtualiq Pro+1

CVE-2009-4844

Weakness Enumeration

Related Identifiers

Affected Products

References · 4