FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2011-0435

This CVE name corresponds to:

Entered Topic
2011-08-13 dtc -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2011-0435 at cve.mitre.org

Details

Type Candidate
Name CVE-2011-0435
Phase Assigned(20110112)

Description

Domain Technologie Control (DTC) before 0.32.9 does not require authentication for (1) admin/bw_per_month.php and (2) client/bw_per_month.php, which allows remote attackers to obtain potentially sensitive bandwidth information via a direct request.

References

Source Reference
MLIST [dtcannounce] 20110303 Fwd: [SECURITY] [DSA 2179-1] dtc security update
CONFIRM http://git.gplhost.com/gitweb/?p=dtc.git;a=commit;h=89da9c519b04cda1b23e6290d2b0a6cea1bae31e
CONFIRM http://git.gplhost.com/gitweb/?p=dtc.git;a=commit;h=e94e8b9cc354bfcaeb284d5331b815256bb46162
CONFIRM http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.29.17-1+lenny1/changelog
CONFIRM http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.32.10-1/changelog
DEBIAN DSA-2179
SECUNIA 43523
VUPEN ADV-2011-0556
XF dtc-bwpermonth-info-disc(65896)

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.