Web administration interface in CacheFlow CacheOS 4.0.13 and earlier allows remote attackers to obtain sensitive information via a series of GET requests that do not end in with HTTP/1.0 or another version string, which causes the information to be leaked in the error message.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cacheflow | cacheos | 3.1.02 |
| cacheflow | cacheos | 3.1.14 |
| cacheflow | cacheos | 3.1.03 |
| cacheflow | cacheos | 3.1.17 |
| cacheflow | cacheos | 4.0.12 |
| cacheflow | cacheos | 3.1.07 |
| cacheflow | cacheos | 3.1.06 |
| cacheflow | cacheos | 4.0.13 |
| cacheflow | cacheos | 3.1.09 |
| cacheflow | cacheos | 3.1.11 |
| cacheflow | cacheos | 3.1.12 |
| cacheflow | cacheos | 0.0 |
| cacheflow | cacheos | 3.1.18 |
| cacheflow | cacheos | 3.1.08 |
| cacheflow | cacheos | 3.1.04 |
| cacheflow | cacheos | 3.1.05 |
| cacheflow | cacheos | 4.0.11 |
| cacheflow | cacheos | 3.1.19 |
| cacheflow | cacheos | 3.1.20 |
| cacheflow | cacheos | 3.1.16 |
| cacheflow | cacheos | 3.1.15 |
| cacheflow | cacheos | 3.1.10 |
| cacheflow | cacheos | 3.1.13 |