Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:2058 |
Message | WEB-MISC MsmMask.exe attempt |
Summary | vulnerability in MondoSearch. |
Impact | Information disclosure |
Detailed Information | Versions of MondoSearch prior to 4.4.5156 use a vulnerable version of a cgi script named msmmask.exe. This script allows the attacker to view the source of any file in a webservers root directory. |
Affected Systems | MondoSearch versions prior to 4.4.5156. |
Attack Scenarios | The attacker needs to access the msmmask.exe script and request a file in the servers web directory. |
Ease of Attack | Simple |
Corrective Action | Upgrade the application to at least version 4.4.5156 or higher. |
Additional References | Nessus: http://cgi.nessus.org/plugins/dump.php3?id=11163 |
Rule References | nessus: 11163 |
--
DID:280266
--
http://www.aanval.com/