Family: CGI abuses --> Category: infos
Redhat Stronghold File System Disclosure Vulnerability Scan
Vulnerability Scan Summary: Redhat Stronghold File System Disclosure
Detailed Explanation for this Vulnerability Test
Redhat Stronghold Secure Server File System Disclosure Vulnerability
The problem:
In Redhat Stronghold versions 2.3 up to 3.0, a flaw exists that
allows a remote attacker to disclose sensitive system files, including
the httpd.conf file, if restricted access to the server status
report is not enabled when using those features.
This may assist an attacker in performing further attacks.
By requesting the following URLs, an attacker can gather sensitive
information:
http://target/stronghold-info gives information on the configuration
http://target/stronghold-status returns, among other information,
the list of requests made
Please note that this attack can be performed after a default
installation. The vulnerability seems to affect all previous versions
of Stronghold.
Vendor status:
A patch was released (November 19, 2001)
Threat Level: Medium