Family: CGI abuses --> Category: infos
WebSpeed remote configuration Vulnerability Scan
Vulnerability Scan Summary
Checks if WebSpeed can be administered
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains an application that is prone to privilege
escalation attacks.
Description :
The remote web server appears to be using Webspeed, a website creation
language used with database-driven websites.
The version of Webspeed installed on the remote host allows anonymous
access to the 'WSMadmin' utility, which is used to configure Webspeed. An
attacker can exploit this issue to gain control of the affected
application.
See also :
http://archives.neohapsis.com/archives/bugtraq/2000-02/0013.html
Solution :
Edit the 'ubroker.properties' file and change 'AllowMsngrCmds=1' to
'AllowMsngrCmds=0'.
Threat Level:
High / CVSS Base Score : 7
(AV:R/AC:L/Au:NR/C:P/A:P/I:P/B:N)