Family: CGI abuses --> Category: infos
Alchemy Eye HTTP Command Execution Vulnerability Scan
Vulnerability Scan Summary
Acertains if arbitrary commands can be executed by Alchemy Eye
Detailed Explanation for this Vulnerability Test
Alchemy Eye and Alchemy Network Monitor are network management
tools for Microsoft Windows. The product contains a built-in HTTP
server for remote monitoring and control. This HTTP server allows
arbitrary commands to be run on the server by a remote attacker.
(Taken from the security announcement by http://www.rapid7.com.)
Solution : Either disable HTTP access in Alchemy Eye, or require
authentication for Alchemy Eye. Both of these can be set in the
Alchemy Eye preferences.
More Information : http://www.securityfocus.com/archive/1/243404
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.