Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
HTTP:INFO-LEAK:LAYTON-TECH |
|---|---|
Severity |
Minor |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Layton Technologies Helpbox product Password Disclosure |
Release Date |
2012/10/30 |
Update Number |
2199 |
Supported Platforms |
di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
HTTP: Layton Technologies Helpbox product Password Disclosure
This signature detects attempts to exploit a known vulnerability against Layton Technologies Helpbox product. A successful attack can result in the attacker gaining unauthorized information about the target system without the victim's knowledge.
Extended Description
selectawasset.asp in Layton Helpbox 4.4.0 allows remote attackers to discover ODBC database credentials via an element=sys_asset_id request, which is not properly handled during construction of an error page.
Affected Products
- Layton_technology helpbox 4.4.0
References
- CVE: CVE-2012-4976
- URL: http://www.laytontechnology.com