Netmechanica NetDecision Traffic Grapher Server Information Disclosure Vulnerability

SecPod Research Team member (Prabhu S Angadi) has found Information Disclosure Vulnerability in Netmechanica NetDecision Traffic Grapher Server. The vulnerability is caused due to improper validation of malicious HTTP GET request to Traffic Grapher Server ‘default.nd’ with invalid HTTP version number followed by multiple ‘CRLF’, which discloses the source code of ‘default.nd’

POC : Download here.

More information can be found here.

CVE Info : CVE-2012-1466

Welcome any feedback or suggestion.

Cheers!
SecPod Research Team

0 0 votes
Article Rating
Subscribe
Notify of
0 Comments
Inline Feedbacks
View all comments