Exposed information page on a Swiss military sports website allowed attackers to obtain details about the server

Other

NTCF: NTCF-2023-60895

Product: milsport

Vendor: Federal Department of Defence

Criticality: low

Status: fixed

Discovered: 2023-08-13

Detail: Public

Details

A website for Swiss military sports contained a publicly accessible file that revealed server configuration and environment details.

In accordance with the NTC Vulnerability Disclosure Policy, no technical details about this vulnerability will be publicly disclosed. Further details may be provided on a case-by-case basis. Please use the contact form and provide an explanation for your request.

The Federal Department of Defence (DDPS) immediately acknowledged the vulnerability and fixed it. According to the DDPS, there is no indication that the vulnerability has been exploited by malicious actors. The data concerned was of a technical nature and did not contain any personal data or classified information.

Timeline

2023-08-13: initial discovery

2023-08-14: first contact with vendor

2023-08-14: private disclosure to vendor

2023-08-16: fix by vendor

2024-06-27: public disclosure