Overview
Hummingbird CyberDOCS contains a vulnerability that could allow a remote attacker to learn the installation path of the web server. This information could be used to support further attacks.
Description
Hummingbird CyberDOCS (Hummingbird DM) is a web-based enterprise document management solution that runs on Windows NT/2000 using SQL database technology. A web page generated on an invalid login attempt discloses the full installation path of the web server. |
Impact
A remote attacker could determine the complete installation path of the CyberDOCS web server. The attacker may be able to use this information to support other attacks. |
Solution
Apply a patch or upgrade For CyberDOCS 4.0, apply Patch 4 from the CyberDOCS support site. For versions of CyberDOCS prior to 4.0, Hummingbird recommends that customers upgrade to the most recent version of CyberDOCS. |
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
Acknowledgements
This vulnerability was discovered and reported by ProCheckUp.
This document was written by Art Manion.
Other Information
| CVE IDs: | None |
| Severity Metric: | 0.27 |
| Date Public: | 2003-10-06 |
| Date First Published: | 2003-10-09 |
| Date Last Updated: | 2003-10-10 13:34 UTC |
| Document Revision: | 15 |