Path Disclosure Vulnerability in Google Mini by Google
CVE-2006-5019

Currently unrated

Key Information:

Vendor: Google
Status: Mini Search Appliance
Vendor: CVE Published:; 27 September 2006

Summary

Google Mini versions 4.4.102.M.36 and earlier are susceptible to a path disclosure vulnerability. This issue arises when remote attackers exploit an invalid client parameter in a direct request to the /search endpoint. The system responds by revealing the server path within its error messages, potentially exposing sensitive directory structures to unauthorized users. Organizations employing affected versions of Google Mini should consider implementing immediate remediation measures.

References

http://securityreason.com/securityalert/1637

third-party-advisoryx_refsource_SREASON

http://users.tpg.com.au/adsl2dvp/advisories/200609-google...

x_refsource_MISC

http://www.securityfocus.com/archive/1/446728/100/0/threaded

mailing-listx_refsource_BUGTRAQ

EPSS Score

5% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Sep 27, 2006
Vulnerability Reserved
Sep 27, 2006