ValiCert Enterprise Validation Authority Path Disclosure Vulnerability

The ValiCert Validation Authority delivers a comprehensive, scalable and reliable framework for validating digital certificates, issued by any certificate authority, in real time.

A vulnerability exists that could allow a malicious user to view the full path of the ValiCert installation.

If a malicious user sends Enterprise VA an HTTP request to add a custom extension of a non-existent type, the server returns an error page containing the relative path to the Enterprise VA installation. The location of the application on the filesystem could be considered sensitive information and could be used to launch further attacks against the host.


Copyright 2010, SecurityFocus