[原文]BugPort before 1.099 stores its configuration file (conf/config.conf) under the web document root with a file extension that is not normally parsed by web servers, which allows remote attackers to obtain sensitive information.
Loss of Confidentiality,
Loss of Integrity,
Loss of Availability
Incogen BugPort contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a users accesses the config.conf file in the conf directory, which will disclose all of the configuration information resulting in a loss of confidentiality.
Upgrade to version 1.099 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.