MSMS ver.asp Information Disclosure

2004-04-26T04:47:36
ID OSVDB:5666
Type osvdb
Reporter CyberTalon()
Modified 2004-04-26T04:47:36

Description

Vulnerability Description

Modular Site Management System contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote user access's the var.asp script, which will disclose sensitive information resulting in a loss of confidentiality.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

Modular Site Management System contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote user access's the var.asp script, which will disclose sensitive information resulting in a loss of confidentiality.

Manual Testing Notes

http://[target]/msms/ver.asp

References:

Vendor URL: http://www.pwnewmedia.co.uk/site/msmsfamily/ Security Tracker: 1009929 Secunia Advisory ID:11477 Bugtraq ID: 10208