Netmechanica NetDecision Traffic Grapher Server Information Disclosure Vulnerability

SecPod Research Team member Prabhu S Angadi has found an information disclosure vulnerability in Netmechanica NetDecision Traffic Grapher Server. The vulnerability is caused by improper validation of HTTP GET requests: a request to the Traffic Grapher Server for ‘default.nd’ that carries an invalid HTTP version number followed by multiple ‘CRLF’ sequences causes the server to disclose the source code of ‘default.nd’.

POC : Download here.

More information can be found here.

CVE Info : CVE-2012-1466
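
To spot the request pattern described above in captured traffic, the following added example (not SecPod's PoC and not vendor code) checks a raw HTTP request head for an invalid version token and for extra CRLFs directly after the request line. The function name, the `/default.nd` path form, the host name and the sample requests are assumptions constructed for illustration.

```python
import re

# RFC 7230: HTTP-version = "HTTP/" DIGIT "." DIGIT. An HTTP/1.x server
# should only ever see these two tokens on the request line.
VALID_VERSIONS = {b"HTTP/1.0", b"HTTP/1.1"}
REQUEST_LINE = re.compile(rb"^([A-Z]+) (\S+) (\S+)$")


def inspect_request(raw: bytes, watched_suffix: bytes = b".nd") -> list[str]:
    """Return the reasons a captured HTTP request head looks anomalous."""
    findings = []
    line, sep, rest = raw.partition(b"\r\n")
    match = REQUEST_LINE.match(line)
    if not sep or not match:
        return ["malformed request line"]
    _method, target, version = match.groups()
    if version not in VALID_VERSIONS:
        findings.append("invalid HTTP version: " + version.decode("latin-1"))
    # A well-formed head ends with exactly one empty line. Two or more
    # CRLFs straight after the request line means padding, not headers.
    if re.match(rb"(\r\n){2,}", rest):
        findings.append("multiple CRLFs after request line")
    # Raise priority when an anomalous request targets a server-side script.
    path = target.split(b"?", 1)[0]
    if findings and path.lower().endswith(watched_suffix):
        findings.append("targets script resource: " + path.decode("latin-1"))
    return findings


# Constructed sample requests (not taken from the advisory's PoC).
SAMPLES = {
    "normal": b"GET /default.nd HTTP/1.1\r\nHost: grapher.example\r\n\r\n",
    "suspect": b"GET /default.nd HTTP/9.9\r\n\r\n\r\n\r\n",
    "other": b"GET /index.html HTTP/1.0\r\n\r\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name}: {inspect_request(raw) or 'ok'}")
```

The same checks can run in a reverse proxy or IDS rule in front of the server, rejecting any request whose version token is not `HTTP/1.0` or `HTTP/1.1`.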

We welcome any feedback or suggestions.

Cheers!
SecPod Research Team
