Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
iE Integrator 4.4.220114, when configured without a "bespoke error page" in acm.ini, allows remote attackers to obtain sensitive information via a URL that calls a non-existent .aspx script in the integrator/apps directory, which results in an error message that displays the installation path, web server name, IP, and port, session cookie information, and the IIS system username.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
iE Integrator 'acm.ini' 信息泄露漏洞
Vulnerability Description
iE Integrator 4.4.220114在没有使用acm.ini中的"专门编写的错误页面"进行配置时,远程攻击者可以借助在integrator/apps目录中调用不存在的.aspx脚本(可导致出现显示安装路径、web服务器名、IP、端口、会话cookie信息以及IIS系统用户名的出错信息)的URL获取敏感信息。
CVSS Information
N/A
Vulnerability Type
N/A