12Planet Chat Server Error Message Path Disclosure

Medium Nessus Plugin ID 11592


The remote web server contains a Java application that is affected by an information disclosure vulnerability.


The remote host is running 12Planet Chat Server - a web-based chat server written in Java.

There is a flaw in this version which allows an attacker to obtain the physical path of the installation by sending a malformed request to this service.

Knowing this information will help an attacker to make more focused attacks.


The solution is unknown.

Plugin Details

Severity: Medium

ID: 11592

File Name: 12planet_chat_server_path_disclosure.nasl

Version: $Revision: 1.18 $

Type: remote

Family: Web Servers

Published: 2003/05/07

Modified: 2011/08/18

Dependencies: 10107, 17975

Risk Information

Risk Factor: Medium


Base Score: 5

Temporal Score: 4.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:F/RL:U/RC:ND

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Reference Information

BID: 7355

OSVDB: 50428