Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:2062 |
Message | WEB-MISC iPlanet .perf access |
Summary | Access to the iPlanet web server performance and statistics package. |
Impact | Information disclosure |
Detailed Information | The iPlanet web server uses the file .perf to display performance statistics for the server. An attacker can access the statistics for the server by making a request for the file .perf. |
Affected Systems | iPlanet web servers using this object. |
Attack Scenarios | The attacker merely needs to access http://www.foo.com/.perf |
Ease of Attack | Simple |
Corrective Action | Disallow viewing of web server statistics from external sources. Remove the appropriate lines from the obj.conf file to disallow viewing of server performance statistics. |
Additional References | |
Rule References | nessus: 11220 |
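
Added example (not part of the original rule documentation): a Python check for the Corrective Action above. It scans web access logs for requests to .perf and reports whether an external source was actually served the statistics. The Common Log Format layout, the internal address ranges and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import unquote

# Assumption: sources in these ranges are internal monitoring hosts.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16", "127.0.0.0/8")]

# Common Log Format: host ident user [time] "METHOD target PROTO" status size
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(\S+) (\S+)[^"]*" (\d{3}) \S+')

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2003:13:55:36 -0700] "GET /.perf HTTP/1.0" 200 2326',
    '198.51.100.9 - - [10/Oct/2003:13:56:01 -0700] "GET /%2eperf?x=1 HTTP/1.0" 403 210',
    '10.1.2.3 - - [10/Oct/2003:13:57:12 -0700] "GET /.perf HTTP/1.0" 200 2326',
    '203.0.113.7 - - [10/Oct/2003:13:58:40 -0700] "GET /.performance.html HTTP/1.0" 200 512',
]

def is_perf_request(target):
    """True if the request target normalises to exactly /.perf."""
    path = re.sub(r"^[a-zA-Z][a-zA-Z0-9+.-]*://[^/?#]*", "", target)  # absolute-form target
    path = re.split(r"[?#]", path, maxsplit=1)[0]                     # drop query and fragment
    path = unquote(path)                                              # %2eperf -> .perf
    path = re.sub(r"/+", "/", path)                                   # //.perf -> /.perf
    return path == "/.perf"

def classify(line):
    """Return (source, status, verdict) for a .perf request, else None."""
    m = CLF.match(line)
    if not m or not is_perf_request(m.group(3)):
        return None
    src, status = m.group(1), int(m.group(4))
    try:
        internal = any(ipaddress.ip_address(src) in n for n in INTERNAL_NETS)
    except ValueError:
        internal = False  # hostname instead of an address: treat as external
    if internal:
        return src, status, "internal"
    if 200 <= status < 300:
        return src, status, "EXPOSED"  # statistics were served to an external source
    return src, status, "blocked"      # external request that the server refused

def findings(lines):
    return [r for r in map(classify, lines) if r]

if __name__ == "__main__":
    for src, status, verdict in findings(SAMPLE_LOG):
        print(f"{verdict:8} {src} -> HTTP {status}")
```

Any "EXPOSED" result means the obj.conf change has not taken effect for that source.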
--
DID:355449