VID: 21794
Severity: 20
Port: 80, ...
Protocol: TCP
Class: WWW
Detailed Description:
Lyris ListManager discloses sensitive information in its error messages. Lyris ListManager is a web-based commercial mailing list management utility written in Perl. Version 8.9b and earlier could allow a remote attacker to obtain sensitive information, such as the installation path, SQL queries, or product code, from diagnostic messages. The information is exposed by requesting a non-existent page and reading the env variable from the resulting error page, or by causing errors in TML scripts, for example via direct requests.
* References:
  http://metasploit.com/research/vulns/lyris_listmanager/
  http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0349.html
  http://www.frsirt.com/english/advisories/2005/2820
  http://secunia.com/advisories/17943
* Platforms Affected:
  Lyris Technologies, Inc., Lyris ListManager version 8.9b and earlier versions
  Any operating system, any version
Recommendation:
Upgrade to the latest version of ListManager (8.95b or later), available from the Lyris ListManager download site at http://www.lyris.com/products/listmanager/download.html
Related URL: CVE-2005-4148, CVE-2005-4149 (CVE)
Related URL: 15789 (SecurityFocus)
Related URL: (ISS)