Plack::App::File Information Disclosure Vulnerability
BID:69185
Info
Plack::App::File Information Disclosure Vulnerability
| Bugtraq ID: | 69185 |
| Class: | Design Error |
| CVE: |
CVE-2014-5269 |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 11 2014 12:00AM |
| Updated: | Apr 13 2015 09:16PM |
| Credit: | avar |
| Vulnerable: |
Tatsuhiko Miyagawa Plack::App::File 1.0030 Mandriva Business Server 1 X86 64 Mandriva Business Server 1 |
| Not Vulnerable: |
Tatsuhiko Miyagawa Plack::App::File 1.0031 |
Discussion
Plack::App::File Information Disclosure Vulnerability
Plack::App::File is prone to an information-disclosure vulnerability.
An attacker can exploit this issue to obtain sensitive information. Successful exploits may lead to other attacks.
Versions prior to Plack::App::File 1.0031 are vulnerable.
Plack::App::File is prone to an information-disclosure vulnerability.
An attacker can exploit this issue to obtain sensitive information. Successful exploits may lead to other attacks.
Versions prior to Plack::App::File 1.0031 are vulnerable.
Exploit / POC
Plack::App::File Information Disclosure Vulnerability
An attacker may use readily available tools to exploit this issue.
An attacker may use readily available tools to exploit this issue.
References
Plack::App::File Information Disclosure Vulnerability
References:
References:
- Plack::App::File - Changelog (Tatsuhiko Miyagawa)
- Plack::App::File - Github page (Tatsuhiko Miyagawa)
- Plack::App::File prunes trailing slashes via split() invocation (avar)