Hummingbird CyberDOCS running on Microsoft Internet Information Services (IIS) sets insecure permissions on script source code files. A remote attacker could read the contents of unprotected files.
Hummingbird CyberDOCS (Hummingbird DM) is a web-based enterprise document management solution that runs on Windows NT/2000 using SQL database technology. CyberDOCS on IIS does not configure the web server to adequately restrict access to script source files.
An unauthenticated, remote attacker could read the script source code contained in files with insecure permissions. Script source code may contain sensitive information such as database credentials.
Modify IIS file permissions
According to Hummingbird:
This vulnerability was discovered and reported by ProCheckUp.
This document was written by Art Manion.
|Date First Published:||2003-10-09|
|Date Last Updated:||2003-10-10 13:29 UTC|