|
Family: CGI abuses --> Category: infos
ustorekeeper file reading Vulnerability Scan
Vulnerability Scan Summary Searches for the existence of ustorekeeper.pl
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a CGI script that allows reading
arbitrary files.
Description :
The 'ustorekeeper.pl' CGI script installed on the remote host allows
a possible hacker to read arbitrary files subject to the rights of the
http daemon (usually root or nobody).
See also :
http://marc.theaimsgroup.com/?l=bugtraq&m=98633176230748&w=2
Solution :
Remove the CGI script.
Threat Level:
Medium / CVSS Base Score : 4
(AV:R/AC:L/Au:NR/C:P/A:N/I:N/B:C)
Click HERE for more information and discussions on this network vulnerability scan.
|