Whale Communications e-Gap Security Appliance 2.5 - Login Page Source Code Disclosure

EDB-ID:

23545

CVE:





Platform:

Hardware

Date:

2004-01-15


Become a Certified Penetration Tester

Enroll in Penetration Testing with Kali Linux and pass the exam to become an Offensive Security Certified Professional (OSCP). All new content for 2020.

GET CERTIFIED

source: https://www.securityfocus.com/bid/9431/info

The e-GAP appliance has been reported prone to a source code disclosure vulnerability. It has been reported that, when the affected appliance handles unexpected HTTP requests it may divulge the source code of the login script. The login page is used to build a simple form for collecting and submitting the username and the password to the e-Gap server. The authentication logic is not part of this page and cannot be viewed by the attacker. The information contained in the login page is not typically sensitive.

TRACE / HTTP/1.0