Short Name |
HTTP:INFO-LEAK:LAYTON-TECH |
---|---|
Severity |
Minor |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Layton Technologies Helpbox product Password Disclosure |
Release Date |
2012/10/30 |
Update Number |
2199 |
Supported Platforms |
di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known vulnerability against Layton Technologies Helpbox product. A successful attack can result in the attacker gaining unauthorized information about the target system without the victim's knowledge.
selectawasset.asp in Layton Helpbox 4.4.0 allows remote attackers to discover ODBC database credentials via an element=sys_asset_id request, which is not properly handled during construction of an error page.