Back to search
CVE-2002-2389
Published: Oct 31, 2007
Modified: Sep 17, 2024
PUBLISHED
Description
TheServer 1.74 web server stores server.ini under the web document root with insufficient access control, which allows remote attackers to obtain cleartext passwords and gain access to server log files.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
fastlink-theserver-plaintext-passwords(9624)
vdb-entry
x_refsource_XF
1004799
vdb-entry
x_refsource_SECTRACK
20020717 TheServer cleartext password sillyness.
mailing-list
x_refsource_FULLDISC
20021014 TheServer log file access password in cleartext w/vendor resolution.
mailing-list
x_refsource_BUGTRAQ
5250
vdb-entry
x_refsource_BID
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now