BugPort before 1.099 stores its configuration file (conf/config.conf) under the web document root with a file extension that is not normally parsed by web servers, which allows remote attackers to obtain sensitive information.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Bugport | Incogen | 1.090 (including) | 1.090 (including) |
Bugport | Incogen | 1.091 (including) | 1.091 (including) |
Bugport | Incogen | 1.092 (including) | 1.092 (including) |
Bugport | Incogen | 1.093 (including) | 1.093 (including) |
Bugport | Incogen | 1.094 (including) | 1.094 (including) |
Bugport | Incogen | 1.095 (including) | 1.095 (including) |
Bugport | Incogen | 1.096 (including) | 1.096 (including) |
Bugport | Incogen | 1.097 (including) | 1.097 (including) |
Bugport | Incogen | 1.098 (including) | 1.098 (including) |