Hummingbird CyberDocs DocsFusion server files containing source script code can be accessed
| hummingbird-docsfusionserver-file-access (13397) |  Medium Risk |
Description:
Hummingbird CyberDocs DocsFusion server, running on Microsoft Internet Information Services (IIS), could allow a remote attacker to obtain sensitive information, caused by insecure permissions. A remote attacker could access source files that contain source code to obtain sensitive information.
Consequences:
Obtain Information
Remedy:
No remedy available as of July 9, 2011.
References:
- ProCheckUp Security Bulletin PR03-02: Hummingbird CyberDocs DocsFusion server 2.12 and prior program source code reading vulnerability.
- CVE-2003-1102: Hummingbird CyberDOCS 3.5, 3.9, and 4.0, when running on IIS, uses insecure permissions for script source code files, which allows remote attackers to read the source code.
- SA9985: CyberDOCS Multiple Vulnerabilities
- US-CERT VU#989580: Hummingbird CyberDOCS sets insecure permissions on script source code files
Platforms Affected:
- Hummingbird CyberDOCS 3.5
- Hummingbird CyberDOCS 3.9
- Hummingbird CyberDOCS 4.0
Reported:
Oct 09, 2003
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net