Vulnerability Details : CVE-2011-1569
Potential exploit
download.aspx in Douran Portal 3.9.7.8 allows remote attackers to obtain source code of arbitrary files under the web root via (1) a trailing ".", (2) a trailing space, or (3) mixed case in the FileNameAttach parameter.
Vulnerability category: Information leak
Products affected by CVE-2011-1569
- cpe:2.3:a:douran:portal:3.9.7.8:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-1569
- 8.79%: Probability of exploitation activity in the next 30 days
- ~ 92%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2011-1569
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N | 10.0 | 2.9 | NIST | |
CWE ids for CVE-2011-1569
- The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-1569
- http://www.securityfocus.com/bid/46927
  Douran Portal 'download.aspx' Arbitrary File Download Vulnerability [Exploit]
- http://securityreason.com/securityalert/8180
  Douran Portal File Download/Source Code Disclosure Vulnerability - CXSecurity.com
- http://www.securityfocus.com/archive/1/517085/100/0/threaded
  SecurityFocus
- http://www.exploit-db.com/exploits/17011
  Douran 3.9.7.8 - File Download/Source Code Disclosure - ASP webapps Exploit [Exploit]
- https://exchange.xforce.ibmcloud.com/vulnerabilities/66177
  Douran Portal download.aspx file download CVE-2011-1569 Vulnerability Report
- http://soroush.secproject.com/blog/2011/01/unrestricted_file_download_v1_0/
  Unrestricted File Download V1.0 – Windows Server | Soroush Dalili (@irsdl) – سروش دلیلی