Описание
BugPort before 1.099 stores its configuration file (conf/config.conf) under the web document root with a file extension that is not normally parsed by web servers, which allows remote attackers to obtain sensitive information.
Ссылки
- PatchVendor Advisory
- Patch
- PatchVendor Advisory
- Patch
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:incogen:bugport:1.090:*:*:*:*:*:*:*
cpe:2.3:a:incogen:bugport:1.091:*:*:*:*:*:*:*
cpe:2.3:a:incogen:bugport:1.092:*:*:*:*:*:*:*
cpe:2.3:a:incogen:bugport:1.093:*:*:*:*:*:*:*
cpe:2.3:a:incogen:bugport:1.094:*:*:*:*:*:*:*
cpe:2.3:a:incogen:bugport:1.095:*:*:*:*:*:*:*
cpe:2.3:a:incogen:bugport:1.096:*:*:*:*:*:*:*
cpe:2.3:a:incogen:bugport:1.097:*:*:*:*:*:*:*
cpe:2.3:a:incogen:bugport:1.098:*:*:*:*:*:*:*
EPSS
Процентиль: 57%
0.00357
Низкий
5 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
BugPort before 1.099 stores its configuration file (conf/config.conf) under the web document root with a file extension that is not normally parsed by web servers, which allows remote attackers to obtain sensitive information.
EPSS
Процентиль: 57%
0.00357
Низкий
5 Medium
CVSS2
Дефекты
NVD-CWE-Other