{"vuid":"VU#574739","idnumber":"574739","name":"Beck GmbH IPC@Chip does not adequately validate user input thereby disclosing sensitive network data via crafted URL","keywords":["Beck GmbH","IPC@Chip","user input","disclose information","crafted URL"],"overview":"An insecure default configuration in the Beck IPC@CHIP allows an intruder to obtain privileged system information.","clean_desc":"The Beck IPC@CHIP is a single chip embedded webserver. The Beck IPC@CHIP ships with a cgi script named \"ChipCfg\". Using a specially crafted url, an attacker can cause this cgi script to return sensitive network configuration data stored on the IPC@CHIP.","impact":"An intruder can gain access to sensitive network data stored on the IPC@CHIP.","resolution":"According to Ernest Schloesser of Beck IPC GmbH, the API allows removal of this CGI with the CGI_REMOVE function.","workarounds":"","sysaffected":"","thanks":"This vulnerability was discovered by \nSentry Research Labs","author":"This document was written by Ian A. Finlay.","public":["http://www.securityfocus.com/bid/2767","http://cert.uni-stuttgart.de/archive/bugtraq/2001/06/msg00010.html"],"cveids":["CVE-2001-1341"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2001-06-05T16:09:01Z","publicdate":"2001-05-24T00:00:00Z","datefirstpublished":"2001-09-14T18:09:42Z","dateupdated":"2003-04-09T18:52:39Z","revision":14,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"20","cam_exploitation":"0","cam_internetinfrastructure":"10","cam_population":"5","cam_impact":"8","cam_easeofexploitation":"15","cam_attackeraccessrequired":"20","cam_scorecurrent":"6.75","cam_scorecurrentwidelyknown":"6.75","cam_scorecurrentwidelyknownexploited":"11.25","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":6.75,"vulnote":null}