CGINews and CGIForum Information Disclosure Flaw

2003-12-14T00:00:00
ID OSVDB:3171
Type osvdb
Reporter OSVDB
Modified 2003-12-14T00:00:00

Description

Vulnerability Description

CGINews and CGIForum contain a flaw that may lead to an unauthorized information disclosure. The issue is triggered when world-readable user logs are accessed, which will disclose user information resulting in a loss of confidentiality.

Solution Description

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s): Create an .htaccess file which restricts access to the directory.

AuthType Basic
AuthName "No access"
AuthUserFile .htnopasswd
AuthGroupFile /dev/null
Require valid-user
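
An added example, not part of the original advisory or of CGINews/CGIForum: a Python check that a log directory carries the workaround's directives and that lists files with the other-read bit set. The file name users.log, its contents and the directory are constructed, and the check assumes the server honours .htaccess here (AllowOverride must permit AuthConfig).

```python
import os
import stat
import tempfile

# Workaround directives needed for Basic auth; Apache names are case-insensitive.
REQUIRED = ("authtype", "authuserfile", "require")

def parse_htaccess(path):
    """Return {directive_name_lowercase: arguments} for an .htaccess file."""
    found = {}
    with open(path, encoding="utf-8", errors="replace") as fh:
        for raw in fh:
            parts = raw.strip().split(None, 1)
            if parts and not parts[0].startswith("#"):
                found[parts[0].lower()] = parts[1] if len(parts) > 1 else ""
    return found

def audit_directory(directory):
    """Check one directory for the workaround and for other-readable files."""
    result = {"missing_directives": list(REQUIRED), "world_readable": []}
    htaccess = os.path.join(directory, ".htaccess")
    if os.path.isfile(htaccess):
        present = parse_htaccess(htaccess)
        result["missing_directives"] = [d for d in REQUIRED if d not in present]
    for name in sorted(os.listdir(directory)):
        full = os.path.join(directory, name)
        if name.startswith(".ht") or not os.path.isfile(full):
            continue
        # Assumption: "world-readable" is taken as the filesystem other-read bit.
        if os.stat(full).st_mode & stat.S_IROTH:
            result["world_readable"].append(name)
    result["protected"] = not result["missing_directives"]
    return result

def demo():
    """Audit a constructed directory before and after adding the workaround."""
    with tempfile.TemporaryDirectory() as d:
        log = os.path.join(d, "users.log")  # constructed sample file
        with open(log, "w") as fh:
            fh.write("alice|alice@example.test\n")
        os.chmod(log, 0o644)
        before = audit_directory(d)
        with open(os.path.join(d, ".htaccess"), "w") as fh:
            fh.write('AuthType Basic\nAuthName "No access"\nAuthUserFile .htnopasswd\n'
                     "AuthGroupFile /dev/null\nRequire valid-user\n")
        return before, audit_directory(d)

if __name__ == "__main__":
    print(demo())
```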

References:

Secunia Advisory ID: 10442
Other Advisory URL: http://www.securityfocus.com/archive/1/347588
Bugtraq ID: 9214