|
|
Family: CGI abuses --> Category: infos
dotProject docs Directory Information Disclosure Vulnerabilities Vulnerability Scan
Vulnerability Scan Summary
Checks for docs directory information disclosure vulnerabilities in dotProject
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a PHP application that is affected by
multiple information disclosure vulnerabilities.
Description :
The remote host is running dotProject, a web-based, open-source,
project management application written in PHP.
The installed version of dotProject discloses sensitive information
because it lets an unauthenticated attacker call scripts in the 'docs'
directory.
See also :
http://www.securityfocus.com/archive/1/424957/30/0/threaded
http://www.dotproject.net/vbulletin/showthread.php?t=4462
Solution :
Remove the application's 'doc' directory.
Threat Level:
Low / CVSS Base Score : 2
(AV:R/AC:L/Au:NR/C:P/A:N/I:N/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|
