Talentsoft.WebPlus.InternalIP.Disclosure

description-logoDescription

It indicates an information disclosure vulnerability in TalentSoft Web+ Application Server webplus.exe program.


Talentsoft Web+ is a web application server that can be integrated with various web technologies. There exists a vulnerability in one of the CGI applications implemented using Web+. A remote attacker can retrieve the internal IP address in a Network Address Translation (NAT) environment running Web+ by requesting a specially-crafted URL.

affected-products-logoAffected Products

Any unprotected TalentSoft Web Client/Server/Monitor 4.6 is vulnerable to the attack.

Impact logoImpact

Attackers can gain internal IP address information on the victim system to prepare for further attacks.

recomended-action-logoRecommended Actions

Apply appropriate patches or Upgrade the system to the latest non-vulnerable version.

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2019-04-09 14.589 Default_action:pass:drop