CVE-2010-5078 Information
Description
SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 stores sensitive information under the web root with insufficient access control which allows remote attackers to obtain version information via a direct request to (1) apphire/silverstripe_version or (2) cms/silverstripe_version.
Reference
http://doc.silverstripe.org/framework/en/trunk/changelogs//2.3.10 http://doc.silverstripe.org/framework/en/trunk/changelogs//2.4.4 http://open.silverstripe.org/ticket/5031 http://secunia.com/advisories/42346 http://www.openwall.com/lists/oss-security/2011/01/03/12 http://www.openwall.com/lists/oss-security/2012/04/30/1 http://www.openwall.com/lists/oss-security/2012/04/30/3 http://www.openwall.com/lists/oss-security/2012/05/01/3 http://www.osvdb.org/69888 http://www.securityfocus.com/bid/45367 https://exchange.xforce.ibmcloud.com/vulnerabilities/63990
Share on: