bitweaver Unspecified Script Information Disclosure

2005-12-17T18:29:03
ID OSVDB:21929
Type osvdb
Reporter r0t(krustevs@googlemail.com)
Modified 2005-12-17T18:29:03

Description

Vulnerability Description

bitweaver contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker provides invalid input to a number of unspecified scripts, which will disclose the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.

Solution Description

Upgrade to version 1.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

bitweaver contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker provides invalid input to a number of unspecified scripts, which will disclose the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.

References:

Vendor URL: http://www.bitweaver.org Vendor Specific News/Changelog Entry: http://www.bitweaver.org/forums/viewtopic.php?t=1299 Related OSVDB ID: 21928 Related OSVDB ID: 21922 Related OSVDB ID: 21926 Related OSVDB ID: 21927 Related OSVDB ID: 21921 Related OSVDB ID: 21924 Related OSVDB ID: 21919 Related OSVDB ID: 21920 Related OSVDB ID: 21923 Related OSVDB ID: 21925 Other Advisory URL: http://pridels.blogspot.com/2005/12/bitweaver-multiple-vuln.html Keyword: formerly TikiPro FrSIRT Advisory: ADV-2005-2975