Intrusion Prevention

Cart32.Expdate

Description

This indicates an information leak vulnerability in the Cart32 program.


Cart32 is shopping cart software designed for Windows environments. An attacker can send a specially crafted request to the program to deliberately trigger errors. The error messages returned may contain sensitive information about the administrative account and the contents of the cgi-bin directory.


Affected Products

Any unprotected Cart32 3.0 installation is vulnerable to this attack.

Impact

The information leak may assist future attacks.

Recommended Actions

Block remote access to cart32.exe/expdate.


Upgrade Cart32 to the latest non-vulnerable version.
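
To confirm that the block on cart32.exe/expdate is in effect, the web server's access log can be checked for requests that reached that path. The script below is an added example, not part of the original advisory: the log lines are constructed, and the Common Log Format layout, the /cgi-bin/ and /scripts/ prefixes, and the use of 403/404 as the "blocked" responses are assumptions.

```python
import re
from urllib.parse import unquote

# Request portion of a Common Log Format line (assumed log layout).
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')
TARGET = "cart32.exe/expdate"  # path named in the advisory


def normalize(path: str) -> str:
    """Drop the query, decode percent-encoding twice, unify slashes and case."""
    path = path.split("?", 1)[0]
    for _ in range(2):  # second pass catches double-encoded characters
        path = unquote(path)
    path = path.replace("\\", "/").lower()  # Windows paths are case-insensitive
    return re.sub(r"/+", "/", path)


def find_expdate_requests(lines):
    """Return (client, status, raw_path) for each request to the target path."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, _method, raw_path, status = m.groups()
        if TARGET in normalize(raw_path):
            hits.append((client, int(status), raw_path))
    return hits


def still_exposed(hits):
    """True if any matching request got a response other than 403/404."""
    return any(status not in (403, 404) for _c, status, _p in hits)


# Constructed sample log lines (documentation IP ranges).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /cgi-bin/cart32.exe HTTP/1.0" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /cgi-bin/cart32.exe/expdate HTTP/1.0" 200 2048',
    '198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "GET /scripts/CART32.EXE/ExpDate HTTP/1.0" 403 0',
    '203.0.113.4 - - [01/Jan/2024:10:01:00 +0000] "GET /cgi-bin/cart32%2Eexe/expdate HTTP/1.0" 403 0',
]

if __name__ == "__main__":
    hits = find_expdate_requests(SAMPLE_LOG)
    for client, status, path in hits:
        print(f"{client} {status} {path}")
    print("block in effect:", not still_exposed(hits))
```

A matching request answered with a status other than 403 or 404 means the path is still being served and the block needs to be revisited.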

CVE References

CVE-2000-0430
