| VID |
21151 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The '/WebShop/templates/cc.txt' file is exposed and an incorrect configuration of the Webcart CGI program could disclose private information (customer order information).
The Web Shopper is a shopping cart/cart management product by iNetLab (www.inetlab.com).
* References:
http://www.cgisecurity.com/archive/shop/hhp-webshop_adv%231.txt
http://www.inetlab.com/products.html |
| Recommendation |
Use suitable permissions to ensure that the files are not world-readable, and PGP options would illiminate most of the problems. |
| Related URL |
CVE-1999-0610 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
