|
Family: CGI abuses --> Category: infos
Vignette Application Portal Information Disclosure Vulnerability Scan
Vulnerability Scan Summary Request /portal/diag
Detailed Explanation for this Vulnerability Test
The remote host is running Vignette Application Portal, a commercially available
portal suite.
There is an information disclosure vulnerability in the remote version
of this software. A possible hacker can request the diagnostic utility which
will disclose information about the remote site by requesting /portal/diag/.
See also : http://www.atstake.com/research/advisories/2004/a092804-1.txt
Solution : Restrict access to the diag directory
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.
|