CommonSpot loader.cfm path disclosure
| commonspot-loader-path-disclosure (23865) |  Low Risk |
Description:
CommonSpot Content Server could disclose sensitive information. A remote attacker could send a specially-crafted URL request to the loader.cfm using an invalid search parameter which would return an error message that contains the full installation path. An attacker could use this information to launch further attacks against the vulnerable system.
Platforms Affected:
- PaperThin, CommonSpot 4.5 and prior
Remedy:
No remedy available as of July 4, 2009.
Consequences:
Obtain Information
References:
- PaperThin Homepage, CommonSpot Content Server - Efficient Content Management at http://www.paperthin.com/.
- UNSECURED SYSTEMS 12/23/2005, CommonSpot Content Server vuln. at http://pridels.blogspot.com/2005/12/commonspot-content-server-vuln.html.
- CVE-2005-4575: PaperThin CommonSpot Content Server 4.5 and earlier allow remote attackers to obtain sensitive information via an invalid errmsg parameter to loader.cfm with a url parameter set to email-login-info.cfm, which leaks the full pathname in the resulting error message.
- OSVDB ID: 21932: CommonSpot Content Server loader.cfm errmsg Variable Path Disclosure
- SA18257: CommonSpot "bNewWindow" Cross-Site Scripting Vulnerability
Reported:
Dec 23, 2005
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net