Gattaca Server 2003多个路径披露漏洞

Gattaca Server 2003 1.1.10.0版本存在漏洞。远程攻击者可以借助（1）URL的拖尾空字节(\”\\%00\”)或者（2）web.tmpl的无效LANGUAGE参数获得敏感信息，该漏洞在出错消息中泄露了安装的全部路径。

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com .
@securityfocus.com>

来源: members.lycos.co.uk
链接:http://members.lycos.co.uk/r34ct/main/Gattaca%20Server%202003.txt

来源: XF
名称: gattaca-language-path-disclosure(16700)
链接:http://xforce.iss.net/xforce/xfdb/16700

来源: XF
名称: gattaca-null-path-disclosure(16699)
链接:http://xforce.iss.net/xforce/xfdb/16699

来源: BID
名称: 10729
链接:http://www.securityfocus.com/bid/10729

来源: OSVDB
名称: 7923
链接:http://www.osvdb.org/7923

来源: OSVDB
名称: 7922
链接:http://www.osvdb.org/7922

来源: www.gattaca-server.com
链接:http://www.gattaca-server.com/cgi-bin/yabb/YaBB.pl?board=gattaca_discussion;action=display;num=1091194176;start=0#0

来源: SECTRACK
名称: 1010703
链接:http://securitytracker.com/id?1010703

来源: SECUNIA
名称: 12071
链接:http://secunia.com/advisories/12071