NAI WebShield SMTP GET_CONFIG Information Disclosure

This script is Copyright (C) 2000-2011 Tenable Network Security, Inc.


Synopsis :

The remote management service is prone to information disclosure.

Description :

The remote NAI WebShield SMTP Management tool discloses its
configuration when it is sent the command :

GET_CONFIG

An attacker may use this information to learn more about
this system.

Solution :

Filter incoming traffic to this port. You may also restrict
the set of trusted hosts in the configuration console :
- go to the 'server' section
- select the 'trusted clients' tab
- and set the data accordingly

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 3.7
(CVSS2#E:U/RL:OF/RC:C)

Family: Misc.

Nessus Plugin ID: 10424

Bugtraq ID: 1253

CVE ID: CVE-2000-0448