Short Name |
HTTP:INFO-LEAK:BANNERMATIC |
---|---|
Severity |
Minor |
Recommended |
No |
Category |
HTTP |
Keywords |
Bannermatic Information Disclosure |
Release Date |
2005/08/02 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to access several files contained in the Bannermatic software suite. The files ban.log, ban.bak, ban.dat and banmat.pwd contain sensitive data.
Bannermatic is a banner ad rotation system maintained by Joe DePasquale of GetCruising. Bannermatic is subject to an information disclosure issue. Reportedly, ban.log, ban.bak, ban.dat and banmat.pwd are world readable and all contain sensitive data. Obtaining the information contained within either file, could result in the attacker launching further attacks against the host.