Vulnerability Assessment & Network Security Forums



If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.


Home >> Browse Vulnerability Assessment Database >> CGI abuses >> dotProject docs Directory Information Disclosure Vulnerabilities


Vulnerability Assessment Details

dotProject docs Directory Information Disclosure Vulnerabilities

Vulnerability Assessment Summary
Checks for docs directory information disclosure vulnerabilities in dotProject

Detailed Explanation for this Vulnerability Assessment

Summary :

The remote web server contains a PHP application that is affected by
multiple information disclosure vulnerabilities.

Description :

The remote host is running dotProject, a web-based, open-source,
project management application written in PHP.

The installed version of dotProject discloses sensitive information
because it lets an unauthenticated attacker call scripts in the 'docs'
directory.

See also :

http://www.securityfocus.com/archive/1/424957/30/0/threaded
http://www.dotproject.net/vbulletin/showthread.php?t=4462

Solution :

Remove the application's 'doc' directory.

Network Security Threat Level:

Low / CVSS Base Score : 2
(AV:R/AC:L/Au:NR/C:P/A:N/I:N/B:N)

Networks Security ID:

Vulnerability Assessment Copyright: This script is Copyright (C) 2006 Tenable Network Security

Cables, Connectors

Hynix RAM 16GB 4pcs 4GB 2RX8 DDR3 1066MHz 1066 PC3-8500S SO-DIMM Laptop Memory &
$53.99
Hynix RAM 16GB 4pcs 4GB 2RX8 DDR3 1066MHz 1066 PC3-8500S SO-DIMM Laptop Memory & pictureAmd Radeon 8gb Memory x2
$45.0
Amd Radeon 8gb Memory x2  pictureCrucial 8GB (2X4 Stick) CT51264BF160B.C16FER2 PC3-12800 DDR3 1600 Laptop Memory
$20.0
Crucial 8GB (2X4 Stick) CT51264BF160B.C16FER2 PC3-12800 DDR3 1600 Laptop Memory pictureMicron 8GB DDR4 RAM PC4-19200 2400MHz NonECC Desktop Memory MTA8ATF1G64AZ-2G3B1
$31.99
Micron 8GB DDR4 RAM PC4-19200 2400MHz NonECC Desktop Memory MTA8ATF1G64AZ-2G3B1 picture


Discussions

No Discussions have been posted on this vulnerability.