Family: CGI abuses --> Category: attack
Fedora DS Administration Server Information Disclosure Vulnerability Scan
Vulnerability Scan Summary: Checks for an information disclosure vulnerability in the Fedora Directory Server Administration Server.
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server is affected by an information disclosure
vulnerability.
Description :
The remote host appears to be running Fedora Directory Server, a
directory server implementation for Fedora Core.
The Administration Server, which is used to manage Fedora DS, allows
an unauthenticated attacker to retrieve the admin password hash
through a simple GET request.
See also :
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=174837
http://directory.fedora.redhat.com/wiki/FDS10Announcement
Solution :
Upgrade to Fedora Directory Server 1.0.1 or later.
Threat Level:
Low / CVSS Base Score : 2.3
(AV:R/AC:L/Au:NR/C:P/I:N/A:N/B:N)