Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in SmartClient 12.0. If an unauthenticated attacker makes a POST request to /tools/developerConsoleOperations.jsp or /isomorphic/IDACall with malformed XML data in the _transaction parameter, the server replies with a verbose error showing where the application resides (the absolute path). NOTE: the documentation states "These tools are, by default, available to anyone ... so they should only be deployed into a trusted environment. Alternately, the tools can easily be restricted to administrators or end users by protecting the tools path with normal authentication and authorization mechanisms on the web server."
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
SmartClient 信息泄露漏洞
Vulnerability Description
Smartclient是Smartclient公司的一个智能解决方案,使构建基于纯 Web 标准的强大、高效的 Web 应用程序变得简单。 SmartClient 12.0版本中存在信息泄露漏洞。攻击者可通过向/tools/developerConsoleOperations.jsp或 /isomorphic/IDACall发送‘_transaction’参数中带有畸形XML数据的POST请求利用该漏洞获取该应用程序的绝对路径。
CVSS Information
N/A
Vulnerability Type
N/A