|
Family: CGI abuses --> Category: infos
YaBB Information Disclosure Vulnerability Scan
Vulnerability Scan Summary Searches for the existence of YaBB.pl
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a CGI script that suffers from an
information disclosure vulnerability.
Description :
The 'YaBB.pl' CGI script is installed on the remote host. This script
has a well documented security flaw that lets a possible hacker read arbitrary
files with the rights of the http daemon (usually root or nobody).
See also :
http://archives.neohapsis.com/archives/bugtraq/2000-09/0072.html
Solution :
Remove 'YaBB.pl' or upgrade to the latest version.
Threat Level:
Medium / CVSS Base Score : 4
(AV:R/AC:L/Au:NR/C:P/A:N/I:N/B:C)
Click HERE for more information and discussions on this network vulnerability scan.
|