Escapade Error Page Path Disclosure

2003-09-10T05:17:26
ID OSVDB:3575
Type osvdb
Reporter OSVDB
Modified 2003-09-10T05:17:26

Description

Vulnerability Description

Escapade contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker sends a specially crafted URL to "PAGE" variable to an invalid script, which will disclose server installation path information resulting in a loss of confidentiality.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

Escapade contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker sends a specially crafted URL to "PAGE" variable to an invalid script, which will disclose server installation path information resulting in a loss of confidentiality.

Manual Testing Notes

http://www.site.com/cgi-bin/esp?PAGE=!#$%

References:

Vendor URL: http://www.escapade.org/cgi-bin/esp?PAGE=esp_intro.esp Secunia Advisory ID:9702 Other Advisory URL: http://archives.neohapsis.com/archives/bugtraq/2003-09/0126.html ISS X-Force ID: 13145 CVE-2003-0764