Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.0
CVE Id: CVE-2007-6361
Last Modified: 15 Nov 2008 02:04:23
Published: 14 Dec 2007 08:46:00
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2007-6361

Summary

Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. NOTE: access to temp/ is blocked by .htaccess in most deployments that use Apache HTTP Server.

Vulnerable Systems

Application

  • Gekkoware Gekko 0.8.2


References

XF - gekko-temp-directory-path-disclosure(38735)

BUGTRAQ - 20071128 Re: Gekko <=0.8.2 (temp directory) Path Disclosure

BUGTRAQ - 20071128 Gekko <=0.8.2 (temp directory) Path Disclosure

OSVDB - 44151

SREASON - 3451


Last Updated: 27 May 2016 10:46:28