HTTP: CART32 Info Leak
This signature detects attempts to exploit a known vulnerability in Murtrey/Whitaker & Associates Cart32 3.0, a popular shopping cart application for Internet store fronts; cart32.exe v2.6 and v3.0 are vulnerable. Attackers can send a malicious URL request to obtain debugging information.
Extended Description
By appending the string "/expdate" to a request for the cart32.exe executable, (http: //target/cgi-bin/cart32.exe/expdate) an attacker can access an error message followed by a debugging page containing the server variables, the Cart32 administration directory and possibly the contents of the cgi-bin.
Affected Products
Mcmurtrey/whitaker_&_associates cart32
Short Name
HTTP:INFO-LEAK:CART32-INFO-LEAK
Severity
Minor
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
CART32 CVE-2000-0430 Info Leak bid:1358
Release Date
01/22/2004
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Mcmurtrey/whitaker_&_associates
CVSS Score
5.0