| VID |
21968 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The Gallery software is vulnerable to an information disclosure vulnerability via the 'install.log' file. Gallery is a Web-based photo album program written in PHP. Gallery versions prior to 2.0.2 have an information disclosure issue by 'install.log' file. Sensitive information is stored in an install log in the gallery data directory. Using a simple HTTP GET request message, a remote attacker could retrieve this log and traverse directories and obtain sensitive information, such as the Gallery installation paths, the admin password hash.
* References:
http://archives.neohapsis.com/archives/bugtraq/2005-11/0371.html
http://www.securityfocus.com/archive/1/archive/1/418200/100/0/threaded
http://www.securityfocus.com/bid/15614
http://www.frsirt.com/english/advisories/2005/2681
* Platforms Affected:
Bharat Mediratta, Gallery versions prior to 2.0.2
Any operating system Any version |
| Recommendation |
Upgrade to the latest version of Gallery (2.0.2 or later), available from the Gallery Project Page Web site at http://codex.gallery2.org/index.php/Gallery2:Download
As a workaround, move the gallery data directory outside the web server's document root or delete install.log file. |
| Related URL |
CVE-2005-4021 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
23337 (ISS) |
|
