|
Family: CGI abuses --> Category: infos
Asterisk Recording Interface Configuration File Disclosure Vulnerability Vulnerability Scan
Vulnerability Scan Summary Tries to read ARI's configuration file
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a PHP application that is affected by
an information disclosure issue.
Description :
The remote host is running Asterisk Recording Interface (ARI), a
web-based portal for the Asterisk PBX software.
The version of ARI installed on the remote host allows an
unauthenticated attacker to view its configuration file, which
contains sensitive information such as passwords.
See also :
http://www.securityfocus.com/archive/1/431655/30/0/threaded
Solution :
Upgrade to ARI 0.10 / Asterisk@Home 2.8 or later.
Threat Level:
Low / CVSS Base Score : 3.3
(AV:R/AC:L/Au:NR/C:C/I:N/A:N/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|