ОНЯРХМЦ Я bagtraq
Communigate Pro,
сЪГБХЛШ БЯЕ БЕПЯХХ Communigate Pro МХФЕ 4.0b4.
бШ ЛНФЕРЕ ОНКСВХРЭ КХЯРХМЦ ДХПЕЙРНПХХ, НАПЮЫЮЪЯЭ Й Communigate Pro webmail, ОПХЛЕП: http://host.com/. ХКХ http://host.com/..
пЕАЪРЮ ХГ Communigate НРБЕРХКХ ВРН НМХ ХЯОПЮБЪР АЮЦ, Х ЯНЯКЮКХЯЭ Й РНЛС ВРН ЩРН МЕ АПЕЬЭ Б ГЮЫХРЕ, ОНЯЙНКЭЙС ДНЯРСОЮ ДКЪ ГЮОХЯХ РСДЮ МЕР, Х ЯНДЕПФЮМХЕ ЩРНЦН ЙЮРЮКНЦЮ МЕ ХЛЕЕР МХЙЮЙНЦН ХМРЕПЕЯЮ, ДПСЦХЕ ЙЮРЮКНЦХ МЕ ДНЯРСОМШ ОН ДЮММНЛС ОСРХ.
дЮКЕЕ нПХЦХМЮК:
Problem:
An anonymous user can see the listing of the current and parent directory of CommuniGatePro WebUser directory.
Vulnerable:
All current versions of CommuniGatePro <= 4.0b4
Details:
You can get the listing of directory by accessing the CommuiGatePro webmail for example http://host.com/. or http://host.com/..
Vendor Response:
"Thanks for telling, we'll fix it.
Fortunately it's not a security hole since there's no write access, the
contents of that directory is of no interest and other directories are not
accessible this way."
Получено Sat Jul 06 08:13:26 2002
Этот архив был сгенерирован hypermail 2.1.8 : Fri 24 Apr 2015 - 16:12:13 MSK