Note:
This project will be discontinued after December 13, 2021. [more]
2009-12-31
Mongoose 2.8.0 and earlier allows remote attackers to obtain the source code for a web page by appending ::$DATA to the URI.
| Products | Mongoose |
| Type | Information Exposure (CWE-200) |
| First patch | - None (likely due to unavailable code) |
| Links |
• http://secunia.com/advisories/36934
• http://packetstormsecurity.org/0910-exploits/mongoose-disclose.txt |