Cyclades AlterPath Manager Information Disclosure

AlterPath Manager (APM) Console Server


AlterPath Manager (APM) reveals sensitive system information without authentication.

Systems Affected:
AlterPath Manager 1.1.0 and below

Technical Description:
The APM reveals sensitive information, including:

  • Boot Version
  • Kernel Version
  • Config Version
  • OS Version
  • AP Version
  • Hardware information

This information is available through the web interface via the /about.html page.

This issue was corrected in APM release 1.2.0. For older versions, it may be possible to disable the web interface and connect to consoles via SSH only.

Vendor Status:

  • Cyclades was notified on 12/13/2004 and confirmed receipt on 12/14/2004.
  • Cyclades responded to an inquiry on 1/20/2005 to confirm version 1.2.5 would address this issue.
  • Cyclades responded to an inquiry on 2/15/2005 to state they still did not have a release date, but did not respond with more information.
  • Released on 2/23/2005.
  • Cyclades responded on 2/25/2005 to clear up version information.


Updated information can be found on under the following entries:

OSVDB-14073 Cyclades AlterPath Manager Information Disclosure


  • Advisory listed 1.2.0 as vulnerable, which was incorrect. This was fixed as of APM version 1.2.0.
  • Vulnerabilities: