header-logo
Suggest Exploit
vendor:
WebTrends Reporting Center
by:
SecurityFocus
4.3
CVSS
MEDIUM
Path Disclosure
200
CWE
Product Name: WebTrends Reporting Center
Affected Version From: 6.1a
Affected Version To: 6.1a
Patch Exists: YES
Related CWE: N/A
CPE: a:webtrends:webtrends_reporting_center
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Microsoft Windows
2002

WebTrends Reporting Center Management Interface Path Disclosure Vulnerability

The WebTrends Reporting Center management interface discloses installation path information when an invalid argument for an interface URI parameter is requested. This information may permit an attacker to enumerate the layout of the underlying file system of the host.

Mitigation:

Ensure that invalid arguments for interface URI parameters are not disclosed.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/9460/info

The WebTrends Reporting Center management interface discloses installation path information when an invalid argument for an interface URI parameter is requested. This information may permit an attacker to enumerate the layout of the underlying file system of the host.

This issue was reported for version 6.1a of the software running on Microsoft Windows. Other platforms and versions may also be affected.

http://www.example.com:1099/viewreport.pl?profileid=dontexist

Navigation

Suggest Exploit

Services By CQR