CVE-2000-1100 Information

Description

The default configuration for PostACI webmail system installs the /includes/global.inc configuration file within the web root which allows remote attackers to read sensitive information such as database usernames and passwords via a direct HTTP GET request.

Reference

http://archives.neohapsis.com/archives/bugtraq/2000-11/0433.html http://www.securityfocus.com/bid/2029