Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 HTTP:PHP:MIDICART-DB

Severity

 Medium

Recommended

 No

Category

 HTTP

Keywords

 MidiCart Database Disclosure

Release Date

 2003/04/22

Update Number

 1213

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: MidiCart Database Disclosure


This signature detects attempts to exploit a known vulnerability in MidiCart, a shopping cart application for MS Access and SQL database. MidiCart stores customer information in a database that has insecure permissions. Attackers who know where the customer database is located can use a Web browser to download it.

Extended Description

Midicart ASP is a commercially available e-commerce solution distributed by Coxco Support. It is available for the Microsoft Windows operating system. The default installation of Midicart ASP does not place sufficient access control on the midicart.mdb file. Due to this lack of access control, it is possible for a remote user to gain access to this file. This file may yield sensitive customer information, such as customer names, addresses, and credit card information.

Affected Products

  • Coxco Support Midicart ASP
  • Coxco Support Midicart ASP Maxi
  • Coxco Support Midicart ASP Plus

References

  • BugTraq: 5438
  • CVE: CVE-2002-1432
  • URL: http://securityvulns.com/docs3346.html

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out