|
Family: CGI abuses --> Category: infos
IlohaMail Insecure Install Vulnerability Scan
Vulnerability Scan Summary Searches for the existence of conf/conf.inc
Detailed Explanation for this Vulnerability Test
The remote host is running Ilohamail, a web-based mail interface written
in PHP.
The remote installation of this software is not configured properly,
in the sense that it allows any user to download its configuration
files by requesting one of these files :
/conf/conf.inc
/conf/custom_auth.inc
The content of these files may contain sensitive information which may
help a possible hacker to organize better attacks against the remote host.
Solution : Prevent the download of .inc files at the web server level
Risk Factor : Medium
Click HERE for more information and discussions on this network vulnerability scan.
|