|
Best Security Research |
|
» | netVigilance is an active contributor to nvd.nist.gov
|
» | Every vulnerability in our database is independently scored according to CVSS 2.0
|
» | Our Scoring is compared to nvd.nist.gov and inconsistencies are reported to the NVD team at NIST
|
» |
netVigilance is responsible for more than 400 changes to the National Vulnerability Database - more than anyone else.
|
» | Our Professional Services team will validate any vulnerability Scoring for you.
|
Fact: More than 15 vulnerabilities were discovered EVERY day of 2009
Description:
LifeType is a Blogging platform built with PHP, designed with maximum customizability, speed and ease of use in mind. Due to program flaws it is possible for the remote attacker to disclose the true path of the server-side script.
External References:
Mitre CVE: CVE-2006-6112
NVD NIST: CVE-2006-6112
OSVDB: 30685 30686
Summary:
LifeType is a blogging platform built with PHP, designed with maximum customizability, speed and ease of use in mind.
A security problem in the product allows attackers to gather the true path of the server-side script.
Release Date:
November 30 2006
Severity:
Risk: Low
CVSS Metrics
Access Vector: Remote
Access Complexity: Low
Authentication: not-required
Confidentiality Impact: Partial
Integrity Impact: None
Availability Impact: None
Impact Bias: Normal
CVSS Base Score: 2.3
Target Distribution on Internet: Low
Exploitability: Functional Exploit
Remediation Level: Official Fix
Report Confidence: Confirmed
Vulnerability Impact: Attack
Host Impact: Path disclosure.
SecureScout Testcase ID:
TC 17938
Vulnerable Systems:
Lifetype version 1.1.2 and earlier
Vulnerability Type:
Program flaw - The bayesianfilter.class.php and bootstrap.php scripts has flaws which lead to a Warning or even Fatal Errors.
Vendor Status:
The Vendor has been notified. LifeType has released an immediate patch, Soon to be released version 1.1.3 and above solves the problem.
For Additional information see vendors release here !
To download latest version goto Lifetype's download section
Workaround:
Disable warning messages: modify in the php.ini file following line display_errors = Off .
Or modify .htaccess file (this will work only for the apache servers).
Example:
HTTP REQUEST http://[TARGET]/[lifetype-directory]/class/bootstrap.php
REPLY
......
Notice: Use of undefined constant PLOG_CLASS_PATH - assumed 'PLOG_CLASS_PATH' in [FULL PATH TO FILE]bootstrap.php on line 24
Warning: main(PLOG_CLASS_PATHclass/object/exception.class.php): failed to open stream: No such file or directory in [FULL PATH TO FILE]bootstrap.php on line 24
Warning: main(): Failed opening 'PLOG_CLASS_PATHclass/object/exception.class.php' for inclusion (include_path='.;/usr/local/php/PEAR') in [FULL PATH TO FILE]bootstrap.php on line 24
Notice: Use of undefined constant PLOG_CLASS_PATH - assumed 'PLOG_CLASS_PATH' in
or
HTTP REQUEST http://[TARGET]/[lifetype-directory]/class/security/bayesianfilter.class.php
REPLY
...
Notice: Use of undefined constant PLOG_CLASS_PATH - assumed 'PLOG_CLASS_PATH' in [FULL PATH TO FILE]bayesianfilter.class.php on line 3
Warning: main(PLOG_CLASS_PATHclass/security/pipelinefilter.class.php): failed to open stream: No such file or directory in [FULL PATH TO FILE]bayesianfilter.class.php on line 3
Warning: main(): Failed opening 'PLOG_CLASS_PATHclass/security/pipelinefilter.class.php' for inclusion (include_path='.;/usr/local/php/PEAR') in [FULL PATH TO FILE]bayesianfilter.class.php on line 3
Notice: Use of undefined constant PLOG_CLASS_PATH - assumed 'PLOG_CLASS_PATH' in [FULL PATH TO FILE]bayesianfilter.class.php on line 4
Warning: main(PLOG_CLASS_PATHclass/net/client.class.php): failed to open stream: No such file or directory in [FULL PATH TO FILE]bayesianfilter.class.php on line 4
Warning: main(): Failed opening 'PLOG_CLASS_PATHclass/net/client.class.php' for inclusion (include_path='.;/usr/local/php/PEAR') in [FULL PATH TO FILE]bayesianfilter.class.php on line 4
Fatal error: Class bayesianfilter: Cannot inherit from undefined class pipelinefilter in [FULL PATH TO FILE]bayesianfilter.class.php on line 29
...
Credits:
Jesper Jurcenoks
Co-founder netVigilance, Inc
www.netvigilance.com
Copyright©2004-2011, netVigilance, Inc. All rights reserved • Privacy Policy