
Mageni is a free and open-source tool that simplifies vulnerability scanning, assessment, and management.


Credit Card Data Disclosure in CitrusDB

Information

Severity: Medium

Family: Web application abuses

CVSSv2 Base: 5.0

CVSSv2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Solution Type: Vendor Patch

Created: 18 years ago

Modified: 5 years ago

Summary

CitrusDB uses a text file to temporarily store credit card information. This text file is located inside the web tree at a static URL and is therefore accessible to third parties. It is also not deleted after processing, which leaves an attacker a wide window of opportunity.

Solution

Update to CitrusDB version 0.3.6 or higher and set the option '$path_to_ccfile' in the configuration to a path not accessible via HTTP.

Workaround: either deny access to the file using the access restriction features of the remote web server, or configure CitrusDB to use a file outside the document root that is not accessible via HTTP.

Common Vulnerabilities and Exposures (CVE)