4 matches found
CVE-2013-6020
passwordRequestPOST.jsp in Tyler Technologies TaxWeb 3.13.3.1 sends different HTTP status codes for invalid password-recovery requests depending on whether the user account exists, which allows remote attackers to enumerate account names via a series of requests to the 1 Assessor, 2 Recorder, or ...
CVE-2013-6285
The search component in the Treasurer application in Tyler Technologies TaxWeb 3.13.3.1 allows remote attackers to obtain sensitive query-structure information via an invalid search request, a different vulnerability than CVE-2013-6020...
CVE-2013-6020
The issue (CVE-2013-6020) affects Tyler Technologies TaxWeb 3.13.3.1 and its Password Reset flow (passwordRequestPOST.jsp). The root cause is that invalid password-recovery requests return different HTTP status codes depending on whether the target user exists, enabling remote attackers to enumer...
CVE-2013-6020
passwordRequestPOST.jsp in Tyler Technologies TaxWeb 3.13.3.1 sends different HTTP status codes for invalid password-recovery requests depending on whether the user account exists, which allows remote attackers to enumerate account names via a series of requests to the 1 Assessor, 2 Recorder, or ...