Description
The web administration interface in CacheFlow CacheOS 4.0.13 and earlier allows remote attackers to obtain sensitive information via a series of GET requests that do not end with HTTP/1.0 or another version string, which causes the information to be leaked in the error message.
Products
- Cacheflow CacheOS 0.0
- Cacheflow CacheOS 3.1.02
- Cacheflow CacheOS 3.1.03
- Cacheflow CacheOS 3.1.04
- Cacheflow CacheOS 3.1.05
- Cacheflow CacheOS 3.1.06
- Cacheflow CacheOS 3.1.07
- Cacheflow CacheOS 3.1.08
- Cacheflow CacheOS 3.1.09
- Cacheflow CacheOS 3.1.10
- Cacheflow CacheOS 3.1.11
- Cacheflow CacheOS 3.1.12
- Cacheflow CacheOS 3.1.13
- Cacheflow CacheOS 3.1.14
- Cacheflow CacheOS 3.1.15
- Cacheflow CacheOS 3.1.16
- Cacheflow CacheOS 3.1.17
- Cacheflow CacheOS 3.1.18
- Cacheflow CacheOS 3.1.19
- Cacheflow CacheOS 3.1.20
- Cacheflow CacheOS 4.0.11
- Cacheflow CacheOS 4.0.12
- Cacheflow CacheOS 4.0.13
Questions to Ask Vendors
- Can you confirm whether your systems are affected by CVE-2002-0107, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2002-0107 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions
- Check out the advisory links provided below.
References