Computer Security
[EN] securityvulns.ru no-pyccku


PEAR::MDB2 information leak
Published:13.12.2007
Source:
SecurityVulns ID:8445
Type:library
Threat Level:
5/10
Description:Under some conditions it's possible to proxy requests to different objects, including local files.
CVE:CVE-2007-5934 (The LOB functionality in PEAR MDB2 before 2.5.0a1 interprets a request to store a URL string as a request to retrieve and store the contents of the URL, which might allow remote attackers to use MDB2 as an indirect proxy or obtain sensitive information via a URL into a form field in an MDB2 application, as demonstrated by a file:// URL or a URL for an intranet web site.)
Original documentdocumentGENTOO, [ GLSA 200712-05 ] PEAR::MDB2: Information disclosure (13.12.2007)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod