Info

Disclosure

Dec 17, 2005

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

bitweaver contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker provides invalid input to a number of unspecified scripts, which will disclose the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.

Classification

Location: Remote / Network Access
Attack Type: Information Disclosure
Impact: Loss of Confidentiality
Exploit: Exploit Unknown
OSVDB: Web Related

Solution

Upgrade to version 1.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

bitweaver	bitweaver	1.1
		1.1.1 beta

References

Related OSVDB ID: 21919 21920 21921 21922 21923 21924 21925 21926 21927 21928
VUPEN Advisory: ADV-2005-2975
Keyword: formerly TikiPro
Other Advisory URL: http://pridels.blogspot.com/2005/12/bitweaver-multiple-vuln.html
Vendor URL: http://www.bitweaver.org
Vendor Specific News/Changelog Entry: http://www.bitweaver.org/forums/viewtopic.php?t=1299

Credit

r0t - krustevsgooglemail.com - UNSECURED SYSTEMS

Direct URL: http://osvdb.org/36218