Secunia Security Advisory - John Martinelli has reported a vulnerability in Bradford Campus Manager, which can be exploited by malicious people to gain unprivileged access to restricted data.
1b4644c3295ba2b90b3c7b940765373f795314eb6c32547dec037cf1b9a2dc5d
----------------------------------------------------------------------
Try a new way to discover vulnerabilities that ALREADY EXIST in your
IT infrastructure.
Join the FREE BETA test of the Network Software Inspector (NSI)!
http://secunia.com/network_software_inspector/
The NSI enables you to INSPECT, DISCOVER, and DOCUMENT
vulnerabilities in more than 4,000 different Windows applications.
----------------------------------------------------------------------
TITLE:
Bradford Campus Manager Information Disclosure
SECUNIA ADVISORY ID:
SA25138
VERIFY ADVISORY:
http://secunia.com/advisories/25138/
CRITICAL:
Less critical
IMPACT:
Exposure of sensitive information
WHERE:
>From local network
SOFTWARE:
Bradford Campus Manager 3.x
http://secunia.com/product/14150/
DESCRIPTION:
John Martinelli has reported a vulnerability in Bradford Campus
Manager, which can be exploited by malicious people to gain
unprivileged access to restricted data.
The directories runTime/ and remediationReports/ are not password
protected, despite containing sensitive information such as backups,
log files, and configuration files.
The vulnerability is reported in version 3.1(6). Other versions may
also be affected.
SOLUTION:
Filter malicious requests in a proxy or firewall with URL filtering
capabilities.
PROVIDED AND/OR DISCOVERED BY:
John Martinelli
ORIGINAL ADVISORY:
http://www.john-martinelli.com/work/campusmanager.txt
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------