QwikSec

Security Database

CVE

CWE

Training

CVE-2010-0551

Published: Feb 4, 2010

Modified: Aug 7, 2024

PUBLISHED

Description

HTTP authentication implementation in Geo++ GNCASTER 1.4.0.7 and earlier allows remote attackers to read authentication headers of other users via a large request with an incorrect authentication attempt, which includes sensitive memory in the response. NOTE: this is referred to as a "memory leak" by some sources, but is better characterized as "memory disclosure."

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

20100127 [RT-SA-2010-003] Geo++(R) GNCASTER: Faulty implementation of HTTPDigest Authentication

mailing-list

x_refsource_BUGTRAQ

vdb-entry

x_refsource_OSVDB

gncaster-server-info-disclosure(55978)

vdb-entry

x_refsource_XF

http://www.redteam-pentesting.de/en/advisories/rt-sa-2010-003/-geo-r-gncaster-faulty-implementation-of-http-digest-authentication

x_refsource_MISC

third-party-advisory

x_refsource_SECUNIA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.