Hummingbird CyberDOCS contains a vulnerability that could allow a remote attacker to learn the installation path of the web server. This information could be used to support further attacks.
Hummingbird CyberDOCS (Hummingbird DM) is a web-based enterprise document management solution that runs on Windows NT/2000 using SQL database technology. A web page generated on an invalid login attempt discloses the full installation path of the web server.
A remote attacker could determine the complete installation path of the CyberDOCS web server. The attacker may be able to use this information to support other attacks.
Apply a patch or upgrade
For CyberDOCS 4.0, apply Patch 4 from the CyberDOCS support site. For versions of CyberDOCS prior to 4.0, Hummingbird recommends that customers upgrade to the most recent version of CyberDOCS.
This vulnerability was discovered and reported by ProCheckUp.
This document was written by Art Manion.
|Date First Published:||2003-10-09|
|Date Last Updated:||2003-10-10 13:34 UTC|