SecPod Research Team member Prabhu S Angadi has found an information disclosure vulnerability in Netmechanica NetDecision Traffic Grapher Server. The vulnerability is caused by improper validation of a malicious HTTP GET request to the Traffic Grapher Server's ‘default.nd’ that carries an invalid HTTP version number followed by multiple ‘CRLF’ sequences. Such a request discloses the source code of ‘default.nd’.
POC: Download here.
More information can be found here.
CVE Info: CVE-2012-1466
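A defensive illustration of the condition described above, added here and not part of SecPod's advisory or PoC: a strict request-line check that a filtering front end or a log-review script could apply so that requests with an invalid HTTP version are rejected before they reach ‘default.nd’. The function names, the host name, the set of accepted versions and the sample requests are constructed assumptions.

```python
import re

# Request line grammar: method SP request-target SP HTTP-version
REQUEST_LINE = re.compile(rb"([!#$%&'*+.^_`|~0-9A-Za-z-]+) (\S+) (\S+)")
HTTP_VERSION = re.compile(rb"HTTP/(\d)\.(\d)")
SUPPORTED = {(1, 0), (1, 1)}  # assumption: versions the back end should ever see


def check_request(raw: bytes) -> dict:
    """Validate the request line of a raw HTTP request before forwarding it."""
    line = raw.partition(b"\r\n")[0]
    m = REQUEST_LINE.fullmatch(line)
    if m is None:
        return {"allow": False, "reason": "malformed request line", "nd_target": False}
    _method, target, version = m.groups()
    # The advisory concerns default.nd; treating every .nd target as
    # sensitive is an assumption of this example.
    nd_target = target.split(b"?", 1)[0].lower().endswith(b".nd")
    v = HTTP_VERSION.fullmatch(version)
    if v is None or (int(v.group(1)), int(v.group(2))) not in SUPPORTED:
        return {"allow": False, "reason": "invalid HTTP version", "nd_target": nd_target}
    return {"allow": True, "reason": "ok", "nd_target": nd_target}


def triage(requests: list[bytes]) -> list[str]:
    """Return one alert per rejected request, high severity for .nd targets."""
    alerts = []
    for raw in requests:
        verdict = check_request(raw)
        if not verdict["allow"]:
            severity = "HIGH" if verdict["nd_target"] else "LOW"
            first_line = raw.partition(b"\r\n")[0].decode("latin-1")
            alerts.append(f"{severity}: {verdict['reason']}: {first_line!r}")
    return alerts


# Constructed sample requests (not taken from the advisory or its PoC).
SAMPLES = [
    b"GET /default.nd HTTP/1.1\r\nHost: grapher.example\r\n\r\n",
    b"GET /default.nd HTTP/x.y\r\n\r\n\r\n",  # invalid version, extra CRLFs
    b"GET /index.html HTTP/2.7\r\n\r\n",      # invalid version, static page
    b"GET  /default.nd HTTP/1.1\r\n\r\n",     # double space: malformed line
]

if __name__ == "__main__":
    for alert in triage(SAMPLES):
        print(alert)
```
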
We welcome any feedback or suggestions.
Cheers!
SecPod Research Team