Phloc Webscopes - Information Disclosure via Logs

Description

An information disclosure vulnerability in Phloc Webscopes 7.0.0 allows local attackers with access to the log files to view logged HTTP requests that contain user passwords or other sensitive information.

Severity

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L/AU:N/R:U/V:C/RE:M/U:Red

Weakness Enumeration

CWE-532 - Insertion of Sensitive Information into Log File