Info

Disclosure

Dec 23, 2005

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

CommonSpot Content Server contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when 'loader.cfm' is accessed with an invalid 'url' parameter, which will disclose the full path to the 'loader.cfm' script, resulting in a loss of confidentiality.

Classification

Location: Remote / Network Access
Attack Type: Information Disclosure
Impact: Loss of Confidentiality
Exploit: Exploit Unknown
OSVDB: Web Related

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

PaperThin, Inc.

CommonSpot Content Server

4.5

References

Secunia Advisory ID: 18257
CVE ID: 2005-4575 (see also: NVD)
Related OSVDB ID: 21931
Other Advisory URL: http://pridels.blogspot.com/2005/12/commonspot-content-server-vuln.html
Vendor URL: http://www.paperthin.com/

Credit

r0t - krustevsgooglemail.com - UNSECURED SYSTEMS

Direct URL: http://osvdb.org/21932