Showing 1 - 1 of 1

CVE-2015-6940

Status Candidate

Overview

The GetResource servlet in Pentaho Business Analytics (BA) Suite 4.5.x, 4.8.x, and 5.0.x through 5.2.x and Pentaho Data Integration (PDI) Suite 4.3.x, 4.4.x, and 5.0.x through 5.2.x does not restrict access to files in the pentaho-solutions/system folder, which allows remote attackers to obtain passwords and other sensitive information via a file name in the resource parameter.

Related Files

Pentaho 5.2.x BA Suite / PDI Information Disclosure: Posted Sep 18, 2015; Authored by Gregory Draperi; Pentaho version 5.2.x GA BA Suite and PDI allow unauthenticated access to configuration files. The GetResource servlet, a vestige of the old platform UI, allows unauthenticated access to resources in the pentaho-solutions/system folder. Specifically vulnerable are properties files that may reveal passwords.; tags | exploit, info disclosure; advisories | CVE-2015-6940; SHA-256 | 0888853ff4779b5907a0ff21cd8ea09daabbccf2686a3c59adcb64e634280c5e; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 133 files
Ubuntu 103 files
Debian 16 files
LiquidWorm 10 files
Google Security Research 10 files
Abdulhakim Oner 8 files
Ivan Fratric 5 files
fearzzzz 5 files
nu11secur1ty 5 files
Jann Horn 4 files

File Archives

Systems

AIX (426)
Apple (1,951)
BSD (370)
CentOS (56)
Cisco (1,919)
Debian (6,712)
Fedora (1,691)
FreeBSD (1,242)
Gentoo (4,288)
HPUX (878)
iOS (338)
iPhone (108)
IRIX (220)
Juniper (67)
Linux (45,108)
Mac OS X (684)
Mandriva (3,105)
NetBSD (256)
OpenBSD (482)
RedHat (12,912)
Slackware (941)
Solaris (1,609)
SUSE (1,444)
Ubuntu (8,439)
UNIX (9,207)
UnixWare (185)
Windows (6,531)
Other

CVE-2015-6940

Overview

Related Files

File Archive:

March 2023

Top Authors In Last 30 Days

File Tags

File Archives

Systems