Detections
Analytics
ht://Dig < 3.1.5 htsearch CGI Multiple Vulnerabilities
medium Nessus Plugin ID 10105
Synopsis
The remote host contains a web search engine that is affected by an information disclosure vulnerability.Description
The 'htsearch' CGI, which is part of the htdig package, allows anyone to read arbitrary files on the target host.Solution
Upgrade to htdigg 3.1.5 or later.See Also
Plugin Details
Severity: Medium
ID: 10105
File Name: htdig.nasl
Version: 1.36
Type: remote
Family: CGI abuses
Published: 3/3/2000
Updated: 1/19/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.5
CVSS v2
Risk Factor: Medium
Base Score: 5
Temporal Score: 4.8
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N
Vulnerability Information
Excluded KB Items: Settings/disable_cgi_scanning
Vulnerability Publication Date: 12/9/1999
Reference Information
CVE: CVE-1999-0978, CVE-2000-0208