HTTP authentication implementation in Geo++ GNCASTER 1.4.0.7 and earlier allows remote attackers to read authentication headers of other users via a large request with an incorrect authentication attempt, which includes sensitive memory in the response. NOTE: this is referred to as a "memory leak" by some sources, but is better characterized as "memory disclosure."

在Geo++ GNCASTER 1.4.0.7 及更早版本中，HTTP 身份验证实现允许远程攻击者通过发送大请求并尝试错误的身份验证来读取其他用户的认证头，其中包括响应中的敏感内存。注意：某些来源将这称为“内存泄漏”，但更准确地说是“内存泄露”。

NVD 暂无评分

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

NVD 暂无漏洞类别信息

神龙GPT 暂无漏洞类别信息（请耐心等待）