CVE-2009-4530
Mongoose < 2.8 - Unauthenticated Source Code Disclosure via ::$DATA URI Suffix
Title source: llmDescription
Mongoose 2.8.0 and earlier allows remote attackers to obtain the source code for a web page by appending ::$DATA to the URI.
References (2)
Core 2
Core References
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/36934
Exploit x_refsource_misc
http://packetstormsecurity.org/0910-exploits/mongoose-disclose.txt
Scores
EPSS
0.0122
EPSS Percentile
65.2%
Details
CWE
CWE-200
Status
published
Products (2)
sergey_lyubka/mongoose
2.4
sergey_lyubka/mongoose
< 2.8
Published
Dec 31, 2009
Tracked Since
Feb 18, 2026