WebTrends Reporting Center Management Interface Path Disclosure Vulnerability
BID:9460
Info
WebTrends Reporting Center Management Interface Path Disclosure Vulnerability
| Bugtraq ID: | 9460 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 20 2004 12:00AM |
| Updated: | Jan 20 2004 12:00AM |
| Credit: | Discovery of this issue is credited to Oliver Karow. |
| Vulnerable: |
WebTrends Reporting Center for Windows 6.1 a |
| Not Vulnerable: | |
Discussion
WebTrends Reporting Center Management Interface Path Disclosure Vulnerability
The WebTrends Reporting Center management interface discloses installation path information when an invalid argument for an interface URI parameter is requested. This information may permit an attacker to enumerate the layout of the underlying file system of the host.
This issue was reported for version 6.1a of the software running on Microsoft Windows. Other platforms and versions may also be affected.
The WebTrends Reporting Center management interface discloses installation path information when an invalid argument for an interface URI parameter is requested. This information may permit an attacker to enumerate the layout of the underlying file system of the host.
This issue was reported for version 6.1a of the software running on Microsoft Windows. Other platforms and versions may also be affected.
Exploit / POC
WebTrends Reporting Center Management Interface Path Disclosure Vulnerability
This issue may be exploited with a web browser. The following example was submitted:
http://www.example.com:1099/viewreport.pl?profileid=dontexist
This issue may be exploited with a web browser. The following example was submitted:
http://www.example.com:1099/viewreport.pl?profileid=dontexist
Solution / Fix
WebTrends Reporting Center Management Interface Path Disclosure Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
WebTrends Reporting Center Management Interface Path Disclosure Vulnerability
References:
References:
- Reporting Center Homepage (WebTrends)
- WebTrends Reporting Center Path Disclosure vulnerability ("Oliver Karow"
)