PUBLISHED DATE: December 31, 2002CVE-2002-2289:
soinfo.php in BadBlue 1.7.1...

Description

soinfo.php in BadBlue 1.7.1 calls the phpinfo function, which allows remote attackers to gain sensitive information including ODBC passwords.

Products

• Working Resources Inc. BadBlue 1.7.1

Questions to Ask Vendors

1. Can you confirm whether your systems are affected by CVE-2002-2289, and if so, what steps are you currently taking to mitigate this vulnerability?
2. What is your estimated timeline for fully resolving CVE-2002-2289 in your products or services, and how will you communicate updates on this issue to us as your customer?

Recommended Actions

• Check out the advisory links provided below.

References

• http://webappsec.pbworks.com/Information-Leakage
• https://capec.mitre.org/data/definitions/116.html
• https://capec.mitre.org/data/definitions/13.html
• https://capec.mitre.org/data/definitions/169.html
• https://capec.mitre.org/data/definitions/22.html
• https://capec.mitre.org/data/definitions/224.html
• https://capec.mitre.org/data/definitions/285.html
• https://capec.mitre.org/data/definitions/287.html
• https://capec.mitre.org/data/definitions/290.html
• https://capec.mitre.org/data/definitions/291.html
• https://capec.mitre.org/data/definitions/292.html
• https://capec.mitre.org/data/definitions/293.html
• https://capec.mitre.org/data/definitions/294.html
• https://capec.mitre.org/data/definitions/295.html
• https://capec.mitre.org/data/definitions/296.html
• https://capec.mitre.org/data/definitions/297.html
• https://capec.mitre.org/data/definitions/298.html
• https://capec.mitre.org/data/definitions/299.html
• https://capec.mitre.org/data/definitions/300.html
• https://capec.mitre.org/data/definitions/301.html
• https://capec.mitre.org/data/definitions/302.html
• https://capec.mitre.org/data/definitions/303.html
• https://capec.mitre.org/data/definitions/304.html
• https://capec.mitre.org/data/definitions/305.html
• https://capec.mitre.org/data/definitions/306.html
• https://capec.mitre.org/data/definitions/307.html
• https://capec.mitre.org/data/definitions/308.html
• https://capec.mitre.org/data/definitions/309.html
• https://capec.mitre.org/data/definitions/310.html
• https://capec.mitre.org/data/definitions/312.html
• https://capec.mitre.org/data/definitions/313.html
• https://capec.mitre.org/data/definitions/317.html
• https://capec.mitre.org/data/definitions/318.html
• https://capec.mitre.org/data/definitions/319.html
• https://capec.mitre.org/data/definitions/320.html
• https://capec.mitre.org/data/definitions/321.html
• https://capec.mitre.org/data/definitions/322.html
• https://capec.mitre.org/data/definitions/323.html
• https://capec.mitre.org/data/definitions/324.html
• https://capec.mitre.org/data/definitions/325.html
• https://capec.mitre.org/data/definitions/326.html
• https://capec.mitre.org/data/definitions/327.html
• https://capec.mitre.org/data/definitions/328.html
• https://capec.mitre.org/data/definitions/329.html
• https://capec.mitre.org/data/definitions/330.html
• https://capec.mitre.org/data/definitions/472.html
• https://capec.mitre.org/data/definitions/497.html
• https://capec.mitre.org/data/definitions/508.html
• https://capec.mitre.org/data/definitions/573.html
• https://capec.mitre.org/data/definitions/574.html
• https://capec.mitre.org/data/definitions/575.html
• https://capec.mitre.org/data/definitions/576.html
• https://capec.mitre.org/data/definitions/577.html
• https://capec.mitre.org/data/definitions/59.html
• https://capec.mitre.org/data/definitions/60.html
• https://capec.mitre.org/data/definitions/616.html
• https://capec.mitre.org/data/definitions/643.html
• https://capec.mitre.org/data/definitions/646.html
• https://capec.mitre.org/data/definitions/651.html
• https://capec.mitre.org/data/definitions/79.html
• https://nvd.nist.gov/vuln/detail/CVE-2002-2289