NeatUpload HTTPWorkerRequest.FlushResponse Information Disclosure Vulnerability

Bugtraq ID:	23578
Class:	Race Condition Error
CVE:
Remote:	Yes
Local:	No
Published:	Apr 20 2007 12:00AM
Updated:	Apr 20 2007 10:40PM
Credit:	The vendor reported this issue.
Vulnerable:	Brettle Development NeatUpload 1.2.16 Brettle Development NeatUpload 1.2.15 Brettle Development NeatUpload 1.2.15 Brettle Development NeatUpload 1.2.14 Brettle Development NeatUpload 1.2.13 Brettle Development NeatUpload 1.2.12 Brettle Development NeatUpload 1.2.11 Brettle Development NeatUpload 1.1.23 Brettle Development NeatUpload 1.1.22 Brettle Development NeatUpload 1.1.21 Brettle Development NeatUpload 1.1.20 Brettle Development NeatUpload 1.1.19 Brettle Development NeatUpload 1.1.18 Brettle Development NeatUpload trunk.381 Brettle Development NeatUpload trunk.380 Brettle Development NeatUpload trunk.379
Not Vulnerable:	Brettle Development NeatUpload 1.2.17 Brettle Development NeatUpload 1.1.24 Brettle Development NeatUpload trunk.448

NeatUpload HTTPWorkerRequest.FlushResponse Information Disclosure Vulnerability

NeatUpload is prone to an information-disclosure vulnerability.

An attacker can exploit this issue to access sensitive information that may lead to further attacks.

This issue affects NeatUpload 1.2.11 to 1.2.16, 1.1.18 to 1.1.23, and trunk.379 to trunk.445.

NeatUpload HTTPWorkerRequest.FlushResponse Information Disclosure Vulnerability

Attackers can use a browser to exploit this issue.

NeatUpload HTTPWorkerRequest.FlushResponse Information Disclosure Vulnerability

Solution:
The vendor released updates to address this issue. Please see the references for more information.

NeatUpload HTTPWorkerRequest.FlushResponse Information Disclosure Vulnerability

References:

• NeatUpload Homepage (Brettle Development)
  
• NeatUpload vulnerability and fix ([email protected])