[原文]Hummingbird Collaboration (aka Hummingbird Enterprise Collaboration) 5.21 and earlier allows remote attackers to obtain sensitive information (intranet IP addresses and enumerations of valid parameter values) via a direct request to hc, which reveals the information in an error message or a cookie.
Hummingbird Collaboration Application Cookie Internal Network Information Disclosure
Remote / Network Access
Loss of Confidentiality
Hummingbird Collaboration contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when URL specifically crafted to take advantage of 'hc' to retrieve a file, is sent, which will disclose intranet IP addresses and enumerations of valid parameter values to a remote attacker in the form of an error message or a cookie.
The vendor has discontinued this product and therefore has no patch or upgrade that mitigates this problem. It is recommended that an alternate software package be used in its place.