Talentsoft.WebPlus.InternalIP.Disclosure
Description
It indicates an information disclosure vulnerability in TalentSoft Web+ Application Server webplus.exe program.
Talentsoft Web+ is a web application server that can be integrated with various web technologies. There exists a vulnerability in one of the CGI applications implemented using Web+. A remote attacker can retrieve the internal IP address in a Network Address Translation (NAT) environment running Web+ by requesting a specially-crafted URL.
Affected Products
Any unprotected TalentSoft Web Client/Server/Monitor 4.6 is vulnerable to the attack.
Impact
Attackers can gain internal IP address information on the victim system to prepare for further attacks.
Recommended Actions
Apply appropriate patches or Upgrade the system to the latest non-vulnerable version.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2019-04-09 | 14.589 | Default_action:pass:drop |