Yves Goergen BlackBoard Internet Newsboard System cp.inc.php Path Disclosure

2004-10-06T00:00:00
ID OSVDB:10541
Type osvdb
Reporter Lin Xiaofeng(cracklove@gmail.com)
Modified 2004-10-06T00:00:00

Description

Vulnerability Description

Yves Goergen BlackBoard Internet Newsboard contains a flaw that may lead to an unauthorized information disclosure.  The issue is triggered when an attacker directly accesses cp.inc.php and receives error messages, which will disclose server path information resulting in a loss of confidentiality.

Solution Description

Upgrade to version 1.5.1-h or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

Yves Goergen BlackBoard Internet Newsboard contains a flaw that may lead to an unauthorized information disclosure.  The issue is triggered when an attacker directly accesses cp.inc.php and receives error messages, which will disclose server path information resulting in a loss of confidentiality.

References:

Security Tracker: 1011551 Secunia Advisory ID:12757 Related OSVDB ID: 10539 Related OSVDB ID: 10540 Other Advisory URL: http://blackboard.unclassified.de/70,1#1031 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-10/0044.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-10/0057.html ISS X-Force ID: 17636 CVE-2004-1581