Vulnerability Note VU#989580
Hummingbird CyberDOCS sets insecure permissions on script source code files
Hummingbird CyberDOCS running on Microsoft Internet Information Services (IIS) sets insecure permissions on script source code files. A remote attacker could read the contents of unprotected files.
Hummingbird CyberDOCS (Hummingbird DM) is a web-based enterprise document management solution that runs on Windows NT/2000 using SQL database technology. CyberDOCS on IIS does not configure the web server to adequately restrict access to script source files.
An unauthenticated, remote attacker could read the script source code contained in files with insecure permissions. Script source code may contain sensitive information such as database credentials.
Modify IIS file permissions
According to Hummingbird:
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Hummingbird||Affected||17 Sep 2003||10 Oct 2003|
CVSS Metrics (Learn More)
This vulnerability was discovered and reported by ProCheckUp.
This document was written by Art Manion.
- CVE IDs: Unknown
- Date Public: 06 Oct 2003
- Date First Published: 09 Oct 2003
- Date Last Updated: 10 Oct 2003
- Severity Metric: 1.08
- Document Revision: 20
If you have feedback, comments, or additional information about this vulnerability, please send us email.