Regulus custchoice.php Arbitrary Customer Information Disclosure

2004-09-07T00:00:00
ID OSVDB:9821
Type osvdb
Reporter (masud_libra@hotmail.com)
Modified 2004-09-07T00:00:00

Description

Vulnerability Description

Regulus contains a flaw that may lead to unauthorized information disclosure. The issue is triggered when an attacker submits a specially crafted URL to custchoice.php, which discloses user connection logs, resulting in a loss of confidentiality.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Manual Testing Notes

http://cust.domain/base-dir/htmlcust/custchoice.php?lang=English&userid=<name>&action=To see your connections logs

References:

Vendor URL: http://www.regulus.safe.ca/
Secunia Advisory ID: 12513
Related OSVDB ID: 9926
Related OSVDB ID: 9925
Other Advisory URL: http://www.aosp.net/regulus.ppt
Other Advisory URL: http://www.aosp.net/regulus.htm
Bugtraq ID: 11133