Main Vulnerability Database SB2011092301

SB2011092301 - Full path disclosure in OpenRealty

Published: September 23, 2011 Updated: March 14, 2017

Security Bulletin ID SB2011092301

CSH Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Information disclosure (CVE-ID: CVE-2011-3765)

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to incorrect error handling when displaying PHP-related errors. A remote attacker can directly request certain .php files and obtain full installation path of the web application.

Successful exploitation of the vulnerability results in information disclosure on the vulnerable system.

Remediation

Install update from vendor's website.

References

http://www.openwall.com/lists/oss-security/2011/06/27/6