Description
ttawebtop.cgi in Tarantella Enterprise 3.20 on SPARC Solaris and Linux, and 3.1x and 3.0x including 3.11.903, allows remote attackers to view directory contents via an empty pg parameter.
Affected products
- tarantella / tarantella_enterprise3.0 – 3.0
- tarantella / tarantella_enterprise3.10 – 3.10
- tarantella / tarantella_enterprise3.20 – 3.20