Web administration interface in CacheFlow CacheOS 4.0.13 and earlier allows remote attackers to obtain sensitive information via a series of GET requests that do not end in with HTTP/1.0 or another version string, which causes the information to be leaked in the error message.
2002-03-25T05:00:00.000
2025-04-03T01:03:51.193
Deferred
CVSSv2: 5.0 (MEDIUM)
AV:N/AC:L/Au:N/C:P/I:N/A:N
10.0
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | cacheflow | cacheos | 0.0 | Yes |
| Application | cacheflow | cacheos | 3.1.02 | Yes |
| Application | cacheflow | cacheos | 3.1.03 | Yes |
| Application | cacheflow | cacheos | 3.1.04 | Yes |
| Application | cacheflow | cacheos | 3.1.05 | Yes |
| Application | cacheflow | cacheos | 3.1.06 | Yes |
| Application | cacheflow | cacheos | 3.1.07 | Yes |
| Application | cacheflow | cacheos | 3.1.08 | Yes |
| Application | cacheflow | cacheos | 3.1.09 | Yes |
| Application | cacheflow | cacheos | 3.1.10 | Yes |
| Application | cacheflow | cacheos | 3.1.11 | Yes |
| Application | cacheflow | cacheos | 3.1.12 | Yes |
| Application | cacheflow | cacheos | 3.1.13 | Yes |
| Application | cacheflow | cacheos | 3.1.14 | Yes |
| Application | cacheflow | cacheos | 3.1.15 | Yes |
| Application | cacheflow | cacheos | 3.1.16 | Yes |
| Application | cacheflow | cacheos | 3.1.17 | Yes |
| Application | cacheflow | cacheos | 3.1.18 | Yes |
| Application | cacheflow | cacheos | 3.1.19 | Yes |
| Application | cacheflow | cacheos | 3.1.20 | Yes |
| Application | cacheflow | cacheos | 4.0.11 | Yes |
| Application | cacheflow | cacheos | 4.0.12 | Yes |
| Application | cacheflow | cacheos | 4.0.13 | Yes |