|
Family: CGI abuses --> Category: infos
MS Site Server Information Leak Vulnerability Scan
Vulnerability Scan Summary Determine if the remote host is vulnerable to a disclosure vuln.
Detailed Explanation for this Vulnerability Test
The remote web server seems to leak information when some
pages are accessed using the account 'LDAP_AnonymousUser' with
the password 'LdapPassword_1'.
Pages which leak information include, but are not limited to :
/SiteServer/Admin/knowledge/persmbr/vs.asp
/SiteServer/Admin/knowledge/persmbr/VsTmPr.asp
/SiteServer/Admin/knowledge/persmbr/VsLsLpRd.asp
/SiteServer/Admin/knowledge/persmbr/VsPrAuoEd.asp
A possible hacker may use this flaw to modify data on this host
Solution : Install SP4 for Site Server 3.0
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|