NetDecision Traffic Grapher Server Source Code Disclosure Vulnerability
BID:52196
Info
NetDecision Traffic Grapher Server Source Code Disclosure Vulnerability
| Bugtraq ID: | 52196 |
| Class: | Input Validation Error |
| CVE: |
CVE-2012-1466 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 28 2012 12:00AM |
| Updated: | Mar 19 2015 07:35AM |
| Credit: | Prabhu S Angadi of SecPod Research Team |
| Vulnerable: |
NetMechanica NetDecision 4.5.1 |
| Not Vulnerable: |
NetMechanica NetDecision 4.6.1 |
Discussion
NetDecision Traffic Grapher Server Source Code Disclosure Vulnerability
NetDecision is prone to a source-code-disclosure vulnerability.
An attacker can exploit this vulnerability to view the source code of files in the context of the server process; this may aid in further attacks.
NetDecision 4.5.1 is vulnerable; other versions may also be affected.
NetDecision is prone to a source-code-disclosure vulnerability.
An attacker can exploit this vulnerability to view the source code of files in the context of the server process; this may aid in further attacks.
NetDecision 4.5.1 is vulnerable; other versions may also be affected.
Exploit / POC
NetDecision Traffic Grapher Server Source Code Disclosure Vulnerability
Attackers can exploit this issue through a browser.
The following exploit code is available:
Attackers can exploit this issue through a browser.
The following exploit code is available:
Solution / Fix
NetDecision Traffic Grapher Server Source Code Disclosure Vulnerability
Solution:
Vendor updates are available. Please see the references for more information.
Solution:
Vendor updates are available. Please see the references for more information.
References
NetDecision Traffic Grapher Server Source Code Disclosure Vulnerability
References:
References:
- NetDecision 4.6.1 is released (maintenance) (NetMechanica)
- NetDecision Homepage (NetMechanica)
- Netmechanica NetDecision Traffic Grapher Server Information Disclosure Vulnerabi (Prabhu S Angadi of SecPod Technologies)