|
|
Family: CGI abuses --> Category: infos
Sawmill < 7.1.6 Multiple Vulnerabilities Vulnerability Scan
Vulnerability Scan Summary
Checks for multiple vulnerabilities in Sawmill < 7.1.6
Detailed Explanation for this Vulnerability Test
Synopsis :
Description :
The remote host is running Sawmill, a weblog analysis package.
According to its version, the installation of Sawmill on the remote
host suffers from multiple vulnerabilities :
- An unspecified error allows an authenticated attacker to
gain administrative access.
- An unspecified error allows a remote attacker with no user
rights in use to add a license key.
- Multiple cross-site scripting flaws are possible against an
administrator via the 'Add user' window as well as via the
Licensing page.
See also :
http://www.networksecurity.fi/advisories/sawmill-admin.html
http://www.sawmill.net/version_history7.html
Solution :
Upgrade to Sawmill 7.1.6 or later.
Threat Level:
Medium / CVSS Base Score : 4
(AV:R/AC:L/Au:R/C:P/A:P/I:P/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|
