Описание
The Solaris Management Console (SMC) in Sun Solaris 8 and 9 generates different 404 error messages when a file does not exist versus when a file exists but is otherwise inaccessible, which could allow remote attackers to obtain sensitive information in conjunction with a directory traversal (..) attack.
Ссылки
- PatchVendor Advisory
- Patch
- PatchVendor Advisory
- PatchVendor Advisory
- Patch
- Patch
- PatchVendor Advisory
- Patch
- PatchVendor Advisory
- PatchVendor Advisory
- Patch
- Patch
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*
cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:solaris:9.0:*:x86:*:*:*:*:*
cpe:2.3:o:sun:solaris:9.0:x86_update_2:*:*:*:*:*:*
cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*
EPSS
Процентиль: 87%
0.03275
Низкий
5 Medium
CVSS2
Дефекты
CWE-22
Связанные уязвимости
github
больше 3 лет назад
The Solaris Management Console (SMC) in Sun Solaris 8 and 9 generates different 404 error messages when a file does not exist versus when a file exists but is otherwise inaccessible, which could allow remote attackers to obtain sensitive information in conjunction with a directory traversal (..) attack.
EPSS
Процентиль: 87%
0.03275
Низкий
5 Medium
CVSS2
Дефекты
CWE-22