ASP-Nuke伪造Cookie导致信息泄露漏洞

BugCVE: CVE-2002-0523 BUGTRAQ: 4489 ASP-Nuke存在设计问题，可导致攻击者获得主机相关敏感信息。 攻击者可以本地修改Cookie信息并提交，导致主机返回所有当前登陆用户列表或者返回包含WEB ROOT路径的错误信息。 攻击者可以利用这些信息进一步对系统进行攻击。 ASP-Nuke RC1-RC2 厂商补丁： ASP-Nuke -------- 目前厂商已经在最新版本的软件中修补了此漏洞，请到厂商的主页获取最新版本： http://www.asp-nuke.com/downloads.asp...

CVE-2002-0523

ASP-Nuke RC2 and earlier allows remote attackers to list all logged-in users by submitting an invalid "pseudo" cookie...

CVE-2002-0523

ASP-Nuke RC2 and earlier allows remote attackers to list all logged-in users by submitting an invalid "pseudo" cookie...

CVE-2002-0523

ASP-Nuke RC2 and earlier are affected by an information disclosure vulnerability where an attacker can locally modify the user cookie and submit it to cause the server to reveal the list of currently logged-in users (or show the web root path in an error). Affected component: ASP-Nuke RC1–RC2 (co...