|
Family: CGI abuses --> Category: infos
GForge Information Disclosure Vulnerability Scan
Vulnerability Scan Summary Checks for a flaw in GForge
Detailed Explanation for this Vulnerability Test
The remote host is running GForge, a CVS repository browser written
in PHP.
The remote version of this software is vulnerable to an information disclosure
vulnerability.
By supplying a malformed parameter to the scripts 'controller.php' and 'controlleroo.php',
a possible hacker may force the remote CGI to disclose the content of arbitrary directories
stored on the remote host.
Solution: Upgrade to GForge 4.0.0 or newer
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.
|