Description
Agora.cgi 3.2r through 4.0 while in debug mode allows remote attackers to determine the full pathname of the agora.cgi file by requesting a non-existent .html file, which leaks the pathname in an error message.
Products
- Steve Kneizys Agora.cgi 3.2
- Steve Kneizys Agora.cgi 3.2a
- Steve Kneizys Agora.cgi 3.2b
- Steve Kneizys Agora.cgi 3.2c
- Steve Kneizys Agora.cgi 3.2d
- Steve Kneizys Agora.cgi 3.2e
- Steve Kneizys Agora.cgi 3.2f
- Steve Kneizys Agora.cgi 3.2g
- Steve Kneizys Agora.cgi 3.2h
- Steve Kneizys Agora.cgi 3.2i
- Steve Kneizys Agora.cgi 3.2j
- Steve Kneizys Agora.cgi 3.2ja
- Steve Kneizys Agora.cgi 3.2k
- Steve Kneizys Agora.cgi 3.2l
- Steve Kneizys Agora.cgi 3.2m
- Steve Kneizys Agora.cgi 3.2n
- Steve Kneizys Agora.cgi 3.2p
- Steve Kneizys Agora.cgi 3.2q
- Steve Kneizys Agora.cgi 3.2r
- Steve Kneizys Agora.cgi 3.3a
- Steve Kneizys Agora.cgi 3.3b
- Steve Kneizys Agora.cgi 3.3c
- Steve Kneizys Agora.cgi 3.3d
- Steve Kneizys Agora.cgi 3.3e
- Steve Kneizys Agora.cgi 3.3f
- Steve Kneizys Agora.cgi 3.3i
- Steve Kneizys Agora.cgi 3.3j
- Steve Kneizys Agora.cgi 4.0
- Steve Kneizys Agora.cgi 4.0a
- Steve Kneizys Agora.cgi 4.0b
- Steve Kneizys Agora.cgi 4.0c
- Steve Kneizys Agora.cgi 4.0d
- Steve Kneizys Agora.CGI 4.0e
Questions to Ask Vendors
- Can you confirm whether your systems are affected by CVE-2002-0215, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2002-0215 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions
- Check out the advisory links provided below.
References