Description
Bradford CampusManager Network Control Application Server 3.1(6) allows remote attackers to obtain sensitive information (backup, log, and configuration files) via direct request for certain files in (1) /runTime/ or (2) /remediationReports/.
Affected products
References
- MISChttp://securityreason.com/securityalert/2698
- MISChttp://www.securityfocus.com/archive/1/467490/100/0/threaded
- MISChttp://osvdb.org/35820
- MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/34042
- MISChttp://www.john-martinelli.com/work/campusmanager.txt
- VENDOR_ADVISORYhttp://secunia.com/advisories/25138