HTTP: Layton Technologies Helpbox product Password Disclosure
This signature detects attempts to exploit a known vulnerability against Layton Technologies Helpbox product. A successful attack can result in the attacker gaining unauthorized information about the target system without the victim's knowledge.
Extended Description
selectawasset.asp in Layton Helpbox 4.4.0 allows remote attackers to discover ODBC database credentials via an element=sys_asset_id request, which is not properly handled during construction of an error page.
Affected Products
Layton_technology helpbox
Short Name
HTTP:INFO-LEAK:LAYTON-TECH
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2012-4976 Disclosure Helpbox Layton Password Technologies product
Release Date
10/31/2012
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Layton_technology
CVSS Score
5.0