Information Disclosure In Texis CGI Software

Reported February 6, 2001, by phinegeek.

VERSIONS AFFECTED

 

  • Any machine running Thunderstone’s Texis CGI software

 

DESCRIPTION
An information disclosure vulnerability exists in Thunderstone Software’s Texis CGI software in that a query for an invalid path will disclose the full path to webroot, and in some cases reveal information about the host system.

 

VENDOR RESPONSE

The vendor, Thunderstone, has been notified but has not released a response.

 

CREDIT
Discovered by phinegeek.

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish