CVE-2012-1466

NetMechanica NetDecision < 4.5.1 - Unauthenticated Source Code Exposure via Invalid Version Number

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-1466. PoCs published by SecPod Research.

AI-analyzed exploit summary This exploit demonstrates an information disclosure vulnerability in Netmechanica NetDecision Traffic Grapher Server 4.5.1 by sending a malformed HTTP GET request with an invalid HTTP version number followed by multiple CRLF sequences, which causes the server to disclose the source code of 'default.nd'.

Description

The Traffic Grapher Server for NetMechanica NetDecision before 4.6.1 allows remote attackers to obtain the source code of NtDecision script files with a .nd extension via an invalid version number in an HTTP request, as demonstrated using default.nd. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WORKING POC VERIFIED

by SecPod Research · textremotewindows

https://www.exploit-db.com/exploits/18542

View Code ZIP pw:eip

This exploit demonstrates an information disclosure vulnerability in Netmechanica NetDecision Traffic Grapher Server 4.5.1 by sending a malformed HTTP GET request with an invalid HTTP version number followed by multiple CRLF sequences, which causes the server to disclose the source code of 'default.nd'.

Classification

Working Poc 100%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Netmechanica NetDecision Traffic Grapher Server version 4.5.1

No auth needed

Prerequisites: Network access to the target server on port 8087

MITRE ATT&CK