NAI WebShield SMTP GET_CONFIG Information Disclosure

This script is Copyright (C) 2000-2011 Tenable Network Security, Inc.

Synopsis :

The remote management service is prone to information disclosure.

Description :

The remote NAI WebShield SMTP Management tool gives away its
configuration when it is issued the command :


This may be of some use to an attacker to gain more knowledge about
this system.

Solution :

Filter incoming traffic to this port. You may also restrict
the set of trusted hosts in the configuration console :
- go to the 'server' section
- select the 'trusted clients' tab
- and set the data accordingly

Risk factor :

Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 3.7

Family: Misc.

Nessus Plugin ID: 10424 ()

Bugtraq ID: 1253

CVE ID: CVE-2000-0448