PRIOn knowledge basePRION:CVE-2010-5078Improper access control
SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain version information via a direct request to (1) apphire/silverstripe_version or (2) cms/silverstripe_version.
References
doc.silverstripe.org/framework/en/trunk/changelogs//2.3.10
doc.silverstripe.org/framework/en/trunk/changelogs//2.4.4
open.silverstripe.org/ticket/5031
secunia.com/advisories/42346
www.openwall.com/lists/oss-security/2011/01/03/12
www.openwall.com/lists/oss-security/2012/04/30/1
www.openwall.com/lists/oss-security/2012/04/30/3
www.openwall.com/lists/oss-security/2012/05/01/3
www.osvdb.org/69888
www.securityfocus.com/bid/45367
exchange.xforce.ibmcloud.com/vulnerabilities/63990
Related
