header-logo
Suggest Exploit
vendor:
e-GAP Appliance
by:
SecurityFocus
2.6
CVSS
LOW
Source Code Disclosure
N/A
CWE
Product Name: e-GAP Appliance
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: No
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

e-GAP Appliance Source Code Disclosure Vulnerability

The e-GAP appliance is vulnerable to source code disclosure when it handles unexpected HTTP requests. An attacker can send a TRACE request to the appliance and view the source code of the login script.

Mitigation:

No known mitigation
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/9431/info

The e-GAP appliance has been reported prone to a source code disclosure vulnerability. It has been reported that, when the affected appliance handles unexpected HTTP requests it may divulge the source code of the login script. The login page is used to build a simple form for collecting and submitting the username and the password to the e-Gap server. The authentication logic is not part of this page and cannot be viewed by the attacker. The information contained in the login page is not typically sensitive.

TRACE / HTTP/1.0

Navigation

Suggest Exploit

Services By CQR