WebGUI Collaboration RSS Information Disclosure Vulnerability
BID:29927
Info
WebGUI Collaboration RSS Information Disclosure Vulnerability
| Bugtraq ID: | 29927 |
| Class: | Design Error |
| CVE: |
CVE-2008-3503 |
| Remote: | Yes |
| Local: | No |
| Published: | Jun 20 2008 12:00AM |
| Updated: | May 07 2015 05:28PM |
| Credit: | Erik Svanberg |
| Vulnerable: |
WebGUI WebGUI 7.5.11 (beta) |
| Not Vulnerable: |
WebGUI WebGUI 7.5.13 (beta) |
Discussion
WebGUI Collaboration RSS Information Disclosure Vulnerability
WebGUI is prone to an information-disclosure vulnerability because it does not properly restrict access to the RSS feed.
An attacker can exploit this vulnerability to access collaboration data without having the appropriate authentication credentials. Information obtained may aid in further attacks.
Versions prior to WebGUI 7.5.13 (beta) are vulnerable.
WebGUI is prone to an information-disclosure vulnerability because it does not properly restrict access to the RSS feed.
An attacker can exploit this vulnerability to access collaboration data without having the appropriate authentication credentials. Information obtained may aid in further attacks.
Versions prior to WebGUI 7.5.13 (beta) are vulnerable.
Exploit / POC
WebGUI Collaboration RSS Information Disclosure Vulnerability
Attackers can exploit this vulnerability via a browser.
Attackers can exploit this vulnerability via a browser.
Solution / Fix
WebGUI Collaboration RSS Information Disclosure Vulnerability
Solution:
The vendor has released updates. Please see the references for more information.
Solution:
The vendor has released updates. Please see the references for more information.
References
WebGUI Collaboration RSS Information Disclosure Vulnerability
References:
References:
- WebGUI - Homepage (WebGUI)
- WebGUI: Security issue - collaboration rss (WebGUI)