CaLogic doclsqlres.php Direct Request Path Disclosure

2005-08-09T06:21:43
ID OSVDB:18989
Type osvdb
Reporter GB (gb.network@gmail.com)
Modified 2005-08-09T06:21:43

Description

Vulnerability Description

CaLogic contains a flaw that may lead to unauthorized information disclosure. The issue is triggered when a remote attacker sends a direct request to the doclsqlres.php script, which discloses the software's installation path, resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Manual Testing Notes

http://[target]/calogic122/doclsqlres.php

References:

Vendor URL: http://www.calogic.de/
Related OSVDB ID: 18990
Related OSVDB ID: 18991
Related OSVDB ID: 18992
Related OSVDB ID: 18993
Related OSVDB ID: 18994
Related OSVDB ID: 18995
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-08/0150.html
ISS X-Force ID: 21786
CVE-2005-2576