Uploaded image for project: 'CiviCRM'
  1. CiviCRM
  2. CRM-16899

System Information Leak: External (CRM/Core/Error.php)

          Details

          • Type: Bug
          • Status: Done/Fixed
          • Priority: Trivial
          • Resolution: Fixed/Completed
          • Affects Version/s: 4.6.5
          • Fix Version/s: 4.4.17, 4.6.7
          • Component/s: Core CiviCRM
          • Security Level: Security - Published
          • Labels:
            None
          • Documentation Required?:
            None
          • Funding Source:
            Contributed Code

            Description

            See PDF for full details

            Summary
            The program might reveal system data or debugging information in with a call to on line . The information revealed by could help an adversary form a plan of attack.Revealing system data or debugging information helps an adversary learn about the system and form a plan of attack.
            Explanation

            An external information leak occurs when system data or debugging information leaves the program to a remote machine via a socket or network connection.
            In this case system data or debugging information is produced by and leaked by in CRM/Core/Error.php line 337

              Attachments

                Activity

                  People

                  • Assignee:
                    nganivet Nicolas Ganivet
                    Reporter:
                    xurizaemon Chris Burgess
                  • Votes:
                    0 Vote for this issue
                    Watchers:
                    5 Start watching this issue

                    Dates

                    • Created:
                      Updated:
                      Resolved: