Описание
PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 does not require authentication for access to log files, which allows remote attackers to obtain sensitive server information by using a predictable name in a request for a file.
Ссылки
- US Government Resource
- US Government Resource
Уязвимые конфигурации
Конфигурация 1Версия до 7.0.1 (включая)
Одно из
cpe:2.3:a:paperthin:commonspot_content_server:*:*:*:*:*:*:*:*
cpe:2.3:a:paperthin:commonspot_content_server:8.0.0:*:*:*:*:*:*:*
cpe:2.3:a:paperthin:commonspot_content_server:8.0.1:*:*:*:*:*:*:*
cpe:2.3:a:paperthin:commonspot_content_server:8.0.2:*:*:*:*:*:*:*
EPSS
Процентиль: 54%
0.00315
Низкий
5 Medium
CVSS2
Дефекты
CWE-200
Связанные уязвимости
github
больше 3 лет назад
PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 does not require authentication for access to log files, which allows remote attackers to obtain sensitive server information by using a predictable name in a request for a file.
EPSS
Процентиль: 54%
0.00315
Низкий
5 Medium
CVSS2
Дефекты
CWE-200