|
|
Family: CGI abuses --> Category: infos
Hosting Controller < 6.1 Hotfix 2.1 Multiple Vulnerabilities Vulnerability Scan
Vulnerability Scan Summary
Checks for multiple vulnerabilities in Hosting Controller < 6.1 hotfix 2.1
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains an ASP application with multiple flaws.
Description :
According to its version number, the version of Hosting Controller on
the remote host suffers from multiple vulnerabilities:
- An authenticated user can modify another user's profile,
even an admin's, recover his/her password, and then gain
access to the affected application as that user.
- An authenticated user can view, edit, and even delete
reseller add-on plans.
- The scripts 'sendpassword.asp' and 'error.asp' are prone
to cross-site scripting attacks.
See also :
http://securitytracker.com/alerts/2005/May/1014062.html
http://securitytracker.com/alerts/2005/May/1014071.html
http://www.securityfocus.com/archive/1/403571/30/0/threaded
Solution :
Upgrade to version 6.1 if necessary and apply Hotfix 2.1.
Threat Level:
Low / CVSS Base Score : 3
(AV:R/AC:L/Au:R/C:P/A:N/I:P/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|
