Microsoft Project Server 2003 PDSRequest.ASP XML Request Information Disclosure Vulnerability
BID:21611
Info
Microsoft Project Server 2003 PDSRequest.ASP XML Request Information Disclosure Vulnerability
| Bugtraq ID: | 21611 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 15 2006 12:00AM |
| Updated: | Dec 15 2006 12:00AM |
| Credit: | Brett Moore is credited with the discovery of this issue. |
| Vulnerable: |
Microsoft Project Server 2003 0 |
| Not Vulnerable: | |
Discussion
Microsoft Project Server 2003 PDSRequest.ASP XML Request Information Disclosure Vulnerability
Microsoft Project Server 2003 is prone to an information-disclosure vulnerability because the application fails to protect private information.
Authenticated attackers may exploit this issue to retrieve sensitive information that may aid in further attacks.
Microsoft Project Server 2003 is prone to an information-disclosure vulnerability because the application fails to protect private information.
Authenticated attackers may exploit this issue to retrieve sensitive information that may aid in further attacks.
Exploit / POC
Microsoft Project Server 2003 PDSRequest.ASP XML Request Information Disclosure Vulnerability
An authenticated attacker can exploit this issue through a web browser.
An authenticated attacker can exploit this issue through a web browser.
Solution / Fix
Microsoft Project Server 2003 PDSRequest.ASP XML Request Information Disclosure Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].
References
Microsoft Project Server 2003 PDSRequest.ASP XML Request Information Disclosure Vulnerability
References:
References:
- Project Homepage (Microsoft)
- Project Server 2003 - Credential Disclosure (Brett Moore)