SkunkWeb 'sw.log' Insecure File Permissions Vulnerability
BID:58138
Info
SkunkWeb 'sw.log' Insecure File Permissions Vulnerability
| Bugtraq ID: | 58138 |
| Class: | Design Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Feb 24 2013 12:00AM |
| Updated: | Feb 24 2013 12:00AM |
| Credit: | Agostino Sarubbo |
| Vulnerable: |
Drew Csillag SkunkWeb 0 |
| Not Vulnerable: | |
Discussion
SkunkWeb 'sw.log' Insecure File Permissions Vulnerability
SkunkWeb is prone to an insecure file-permission vulnerability.
A local attacker can exploit this issue by gaining access to a world-readable log file and extracting sensitive information from it. Such information could aid in other attacks.
SkunkWeb is prone to an insecure file-permission vulnerability.
A local attacker can exploit this issue by gaining access to a world-readable log file and extracting sensitive information from it. Such information could aid in other attacks.
References
SkunkWeb 'sw.log' Insecure File Permissions Vulnerability
References:
References:
- SkunkWeb Product Page (Drew Csillag)
- CVE request: skunkweb world-readable logdir (Agostino Sarubbo)