Vulnerability Scanning Solutions, LLC.
Home
Our Process
Residential
Corporate
What We Scan For
Sample Report
Client List
Terms
Contact Us
What We Scan For
Family: CGI abuses --> Category: infos

Redhat Stronghold File System Disclosure Vulnerability Scan


Vulnerability Scan Summary
Redhat Stronghold File System Disclosure

Detailed Explanation for this Vulnerability Test

Redhat Stronghold Secure Server File System Disclosure Vulnerability

The problem:
In Redhat Stronghold from versions 2.3 up to 3.0 a flaw exists that
allows a remote attacker to disclose sensitive system files including
the httpd.conf file, if a restricted access to the server status
report is not enabled when using those features.
This may assist a possible hacker in performing further attacks.

By trying the following urls, a possible hacker can gather sensitive
information:
http://target/stronghold-info will give information on configuration
http://target/stronghold-status will return among other information
the list of request made

Please note that this attack can be performed after a default
installation. The vulnerability seems to affect all previous version
of Stronghold.

Vendor status:
Patch was released (November 19, 2001)

Threat Level: Medium

Click HERE for more information and discussions on this network vulnerability scan.

VSS, LLC.

P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.