Janetter Information Disclosure Vulnerability
BID:52555
Info
Janetter Information Disclosure Vulnerability
| Bugtraq ID: | 52555 |
| Class: | Input Validation Error |
| CVE: |
CVE-2012-0328 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 19 2012 12:00AM |
| Updated: | Mar 19 2012 12:00AM |
| Credit: | Kazuhiko Kusano |
| Vulnerable: |
Jane Janetter 3.2.1.1 |
| Not Vulnerable: |
Jane Janetter 3.3 Jane Janetter 3.3.0.0 |
Discussion
Janetter Information Disclosure Vulnerability
Janetter is prone to an information disclosure vulnerability.
An attacker can exploit this issue to disclose user session information on computers running the vulnerable application. This may aid in further attacks.
Janetter for Windows versions prior to 3.3.0.0 are vulnerable.
Janetter for Macintosh versions prior to 3.3.0 are vulnerable.
Janetter is prone to an information disclosure vulnerability.
An attacker can exploit this issue to disclose user session information on computers running the vulnerable application. This may aid in further attacks.
Janetter for Windows versions prior to 3.3.0.0 are vulnerable.
Janetter for Macintosh versions prior to 3.3.0 are vulnerable.
Exploit / POC
Janetter Information Disclosure Vulnerability
An attacker can use readily available tools to exploit this issue.
An attacker can use readily available tools to exploit this issue.
Solution / Fix
Janetter Information Disclosure Vulnerability
Solution:
Updates are available. Please see the references for more information.
Solution:
Updates are available. Please see the references for more information.
References
Janetter Information Disclosure Vulnerability
References:
References:
- Janetter Homepage (Jane)
- JVN#10745573 Janetter vulnerable to information disclosure (Kazuhiko Kusano)
- JVNDB-2012-000026 Janetter vulnerable to information disclosure (Kazuhiko Kusano)