CVE-2002-2342 Information

Description

Bannermatic 1 2 and 3 stores the (1) ban.log (2) ban.bak (3) ban.dat and (4) banmat.pwd data files under the web document root with insufficient access control which allows attackers to obtain sensitive information via a direct request for the files.

Reference

http://marc.info/?l=vuln-dev&m=102121925428844&w=2 http://www.ifrance.com/kitetoua/tuto/5holes5.txt http://www.securityfocus.com/bid/4738