Info

Disclosure

Sep 23, 2004

Discovery

Unknown

Dates

Exploit

Sep 23, 2004

Solution

Unknown

Description

ActivePost Standard contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when files are uploaded to the server, which will respond disclosing the full path of the uploaded file on the server. This flaw results in a loss of confidentiality.

Classification

Location: Remote/Network Access Required
Attack Type: Information Disclosure
Impact: Loss of Confidentiality
Exploit: Exploit Available
OSVDB: Web Related

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

ONNURI INFOTEK Co	ActivePost Standard	3.1
		3.0
		2.5

References

Security Tracker: 1011406
Related OSVDB ID: 10233 10234 10236
Secunia Advisory ID: 12642
CVE ID: 2004-2616 (see also: NVD)
Other Advisory URL: http://aluigi.altervista.org/adv/actp-adv.txt
http://www.securityfocus.com/archive/1/376151
Generic Exploit URL: http://aluigi.altervista.org/poc/actpup.zip
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-09/0852.html
Vendor Specific Solution URL: http://www.activepost.net/
Keyword: TCP Port 6004

Credit

Luigi Auriemma - aluigiautistici.org - http://aluigi.altervista.org

Direct URL: http://osvdb.org/36218

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

ONNURI INFOTEK Co

ActivePost Standard

References

Credit