J-Security Center

Title: Gattaca Server 2003 Multiple Path Disclosure Vulnerabilities

Severity: MODERATE

Description:

Gattaca Server 2003 is a server application that provides email and web serving services for the Microsoft Windows platform.

It is reported that Gattaca Server 2003 contains multiple path disclosure vulnerabilities.

By appending NULL bytes (%00) to URIs sent to Gattaca's web server, the server reportedly responds with an error page that contains the full installation path of the application.

By requesting a page with an invalid 'LANGUAGE' argument, the server reportedly responds with an error page that contains the full web document root path.

These vulnerabilities could be used by an attacker to aid them in further attacks against the server.

Version 1.1.10.0 is reported vulnerable. Prior versions may also contain these vulnerabilities.
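
A defender can look for both request patterns in access logs and check error responses for leaked paths. The following is an added example, not part of the original advisory or of the vendor's code; it assumes logs in Common Log Format, and the allowed LANGUAGE values, sample log lines, URLs and file path are constructed placeholders.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: the set of valid LANGUAGE values; replace with the server's real list.
ALLOWED_LANGUAGES = {"en", "fr", "de"}

# Request field of a Common Log Format line: "METHOD URI HTTP/x.y"
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<uri>\S+) HTTP/[\d.]+"')
# Windows absolute path (drive letter, colon, backslash); stops at whitespace or markup.
WIN_PATH_RE = re.compile(r"\b[A-Za-z]:\\[^\s<>\"']+")


def classify_request(log_line):
    """Return the findings for one access-log line (empty list if clean)."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    uri = match.group("uri")
    findings = []
    if "%00" in uri:
        findings.append("encoded-nul-in-uri")
    params = parse_qs(urlsplit(uri).query, keep_blank_values=True)
    for name, values in params.items():
        if name.upper() == "LANGUAGE" and any(v not in ALLOWED_LANGUAGES for v in values):
            findings.append("unexpected-language-value")
    return findings


def leaked_paths(response_body):
    """Return the distinct absolute Windows paths present in a response body."""
    return sorted(set(WIN_PATH_RE.findall(response_body)))


# Constructed sample data (not captured from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2004:10:00:00 +0000] "GET /index.html%00 HTTP/1.0" 500 312',
    '192.0.2.10 - - [01/Jan/2004:10:00:05 +0000] "GET /page?LANGUAGE=zz HTTP/1.0" 500 298',
    '192.0.2.11 - - [01/Jan/2004:10:01:00 +0000] "GET /page?LANGUAGE=en HTTP/1.0" 200 1024',
]
SAMPLE_ERROR_BODY = "<html><body>Cannot open C:\\EXAMPLE\\install\\web\\page.tmpl</body></html>"

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(classify_request(line), line)
    print(leaked_paths(SAMPLE_ERROR_BODY))
```

The path pattern stops at whitespace, so a leaked path containing spaces is reported only up to the first space; that is still enough to flag the response for review.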

Affected Products:

  • GeeOS Team Gattaca Server 2003 1.1.10.0
