CVE-2011-0435

Published: Mar 7, 2011

Modified: Aug 6, 2024

PUBLISHED

Description

Domain Technologie Control (DTC) before 0.32.9 does not require authentication for (1) admin/bw_per_month.php and (2) client/bw_per_month.php, which allows remote attackers to obtain potentially sensitive bandwidth information via a direct request.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

43523

third-party-advisory

x_refsource_SECUNIA

ADV-2011-0556

vdb-entry

x_refsource_VUPEN

http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.29.17-1+lenny1/changelog

x_refsource_CONFIRM

http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=commit%3Bh=89da9c519b04cda1b23e6290d2b0a6cea1bae31e

x_refsource_CONFIRM

DSA-2179

vendor-advisory

x_refsource_DEBIAN

dtc-bwpermonth-info-disc(65896)

vdb-entry

x_refsource_XF

http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=commit%3Bh=e94e8b9cc354bfcaeb284d5331b815256bb46162

x_refsource_CONFIRM

http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.32.10-1/changelog

x_refsource_CONFIRM

[dtcannounce] 20110303 Fwd: [SECURITY] [DSA 2179-1] dtc security update

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2011-0435

Description

Affected Products

References