Family: CGI abuses --> Category: infos
Gallery Install Log Information Disclosure Vulnerability Scan
Vulnerability Scan Summary: Checks for Gallery install log
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a PHP application that is prone to an
information disclosure issue.
Description :
The remote host is running Gallery, a web-based photo album
application written in PHP.
The installation of Gallery on the remote host places its data
directory under the web server's data directory and makes its install
log available to anyone. Using a simple GET request, a remote
attacker can retrieve this log and discover sensitive information
about the affected application and host, including installation paths,
the admin password hash, etc.
See also :
http://archives.neohapsis.com/archives/bugtraq/2005-11/0371.html
Solution :
Move the gallery data directory outside the web server's document root
or remove the file 'install.log' in that directory.
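A local check for the condition described above, added here as an example and not part of the original advisory or of Gallery: it walks a document root, following symlinks, and lists every install.log a web server could serve from it. The htdocs and gallery_data names and the sample log contents are constructed for the demonstration.

```python
import os
import tempfile
from pathlib import Path

LOG_NAME = "install.log"  # file name given in the advisory


def find_exposed_logs(docroot):
    """Return docroot-relative paths of every install.log reachable under docroot.

    Symlinked directories are followed, because a data directory that was
    moved away but linked back into the document root is still served.
    """
    docroot = Path(docroot)
    seen, hits = set(), []
    for current, dirs, files in os.walk(docroot, followlinks=True):
        real = os.path.realpath(current)
        if real in seen:      # symlink loop or duplicate: do not descend again
            dirs[:] = []
            continue
        seen.add(real)
        if LOG_NAME in files:
            hits.append((Path(current) / LOG_NAME).relative_to(docroot).as_posix())
    return sorted(hits)


def demo():
    """Audit a constructed layout: exposed, moved but linked back, then fixed."""
    with tempfile.TemporaryDirectory() as tmp:
        docroot = Path(tmp, "htdocs")          # assumed document root
        data = docroot / "gallery_data"        # hypothetical data directory name
        data.mkdir(parents=True)
        (data / LOG_NAME).write_text("constructed sample log\n")
        before = find_exposed_logs(docroot)

        moved = Path(tmp, "private_data")      # new location outside the docroot
        data.rename(moved)
        data.symlink_to(moved, target_is_directory=True)
        linked = find_exposed_logs(docroot)    # still exposed through the link

        data.unlink()                          # drop the link: the actual fix
        after = find_exposed_logs(docroot)
        return before, linked, after


if __name__ == "__main__":
    for label, hits in zip(("exposed", "linked back", "fixed"), demo()):
        print(f"{label}: {hits or 'no install.log under document root'}")
```

Each returned path is relative to the document root, so it is also the URL path to request when confirming that the server no longer returns the file.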
Threat Level:
Low / CVSS Base Score : 2.3
(AV:R/AC:L/Au:NR/C:P/I:N/A:N/B:N)