CVE-2004-2518
published 2004-12-31CVE-2004-2518: Gattaca Server 2003 1.1.10.0 allows remote attackers to obtain sensitive information via (1) a trailing null byte ("%00") to a URL or (2) an invalid LANGUAGE…
PriorityP412medium5CVSS 2.0
AVNACLAuNCPINAN
EXPLOIT
EPSS
4.46%
90.2th percentile
Gattaca Server 2003 1.1.10.0 allows remote attackers to obtain sensitive information via (1) a trailing null byte ("%00") to a URL or (2) an invalid LANGUAGE parameter to web.tmpl, which reveals the full installation path in an error message.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| geeos_team | gattaca_server_2003 | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Gattaca Server 2003 - 'Language' Path Exposure
exploitdb·2004-07-15
CVE-2004-2518 Gattaca Server 2003 - 'Language' Path Exposure
Gattaca Server 2003 - 'Language' Path Exposure
---
source: https://www.securityfocus.com/bid/10729/info
It is reported that Gattaca Server 2003 contains multiple path disclosure vulnerabilities.
By sending HTTP requests to Gattaca's web server, it is reportedly possible to cause the application to return error pages that contain the full installation path of the application and the web document root path.
These vulnerabilities could be used by an attacker to aid them in further attacks against the server.
Version 1.1.10.0 is reported vulnerable. Prior versions may also contain these vulnerabilities as well.
http://www.example.com/web.tmpl?HELPID=8000&TEMPLATE=skins//water&LANGUAGE=[whatever]
Exploit-DB
Gattaca Server 2003 - Null Byte Full Path Disclosure
exploitdb·2004-07-15
CVE-2004-2518 Gattaca Server 2003 - Null Byte Full Path Disclosure
Gattaca Server 2003 - Null Byte Full Path Disclosure
---
source: https://www.securityfocus.com/bid/10729/info
It is reported that Gattaca Server 2003 contains multiple path disclosure vulnerabilities.
By sending HTTP requests to Gattaca's web server, it is reportedly possible to cause the application to return error pages that contain the full installation path of the application and the web document root path.
These vulnerabilities could be used by an attacker to aid them in further attacks against the server.
Version 1.1.10.0 is reported vulnerable. Prior versions may also contain these vulnerabilities as well.
http://www.example.com/%00
No writeups or analysis indexed.
http://members.lycos.co.uk/r34ct/main/Gattaca%20Server%202003.txthttp://secunia.com/advisories/12071http://securitytracker.com/id?1010703http://www.gattaca-server.com/cgi-bin/yabb/YaBB.pl?board=gattaca_discussion%3Baction=display%3Bnum=1091194176%3Bstart=0#0http://www.osvdb.org/7922http://www.osvdb.org/7923http://www.securityfocus.com/bid/10729https://exchange.xforce.ibmcloud.com/vulnerabilities/16699https://exchange.xforce.ibmcloud.com/vulnerabilities/16700http://members.lycos.co.uk/r34ct/main/Gattaca%20Server%202003.txthttp://secunia.com/advisories/12071http://securitytracker.com/id?1010703http://www.gattaca-server.com/cgi-bin/yabb/YaBB.pl?board=gattaca_discussion%3Baction=display%3Bnum=1091194176%3Bstart=0#0http://www.osvdb.org/7922http://www.osvdb.org/7923http://www.securityfocus.com/bid/10729https://exchange.xforce.ibmcloud.com/vulnerabilities/16699https://exchange.xforce.ibmcloud.com/vulnerabilities/16700
2004-12-31
Published