3com RAS 1500 Configuration Disclosure

This script is Copyright (C) 2003-2011 Tenable Network Security, Inc.


Synopsis :

The remote host is susceptible to an information disclosure attack.

Description :

The remote 3com SuperStack II Remote Access System 1500 discloses
its user configuration (user_settings.cfg) when the file is
requested through the web interface.

This file contains the device's password in clear text, as well
as other sensitive information.

An attacker may use this flaw to gain control of this host.

See also :

http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0149.html

Solution :

Filter incoming traffic to this host.
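
To check whether user_settings.cfg has already been requested, and whether the filter is holding, the access log of a proxy or gateway in front of the device can be searched. The following is an added example, not part of the Nessus plugin: the Common Log Format input, the sample lines and the function names are assumptions.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed sample lines in Common Log Format (documentation-range addresses).
SAMPLE_LOG = """\
192.0.2.10 - - [12/Mar/2003:10:01:22 +0000] "GET /index.html HTTP/1.0" 200 1043
198.51.100.7 - - [12/Mar/2003:10:02:05 +0000] "GET /user_settings.cfg HTTP/1.0" 200 2210
198.51.100.7 - - [12/Mar/2003:10:02:09 +0000] "GET /%75ser_settings.cfg?x=1 HTTP/1.0" 200 2210
203.0.113.4 - - [12/Mar/2003:10:05:40 +0000] "GET /USER_SETTINGS.CFG HTTP/1.0" 403 0
203.0.113.4 - - [12/Mar/2003:10:06:00 +0000] "GET /docs/user_settings.cfg.html HTTP/1.0" 200 512
garbage line
"""

CLF = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) \S+'
)
TARGET_FILE = "user_settings.cfg"  # file name taken from the advisory


def find_config_requests(lines):
    """Return (source, timestamp, status, served) for each request naming the file."""
    hits = []
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # not a CLF line, skip it
        # Drop the query string and decode percent-escapes before comparing.
        path = unquote(urlsplit(m["target"]).path)
        # Compare the last path segment, ignoring case to stay conservative.
        if path.rsplit("/", 1)[-1].lower() != TARGET_FILE:
            continue
        status = int(m["status"])
        hits.append((m["src"], m["ts"], status, 200 <= status < 300))
    return hits


def disclosed_to(hits):
    """Sources that got a 2xx answer, i.e. the clear-text password was served."""
    return sorted({src for src, _, _, served in hits if served})


if __name__ == "__main__":
    hits = find_config_requests(SAMPLE_LOG.splitlines())
    for src, ts, status, served in hits:
        print(f"{ts} {src} status={status} {'SERVED' if served else 'refused'}")
    print("file served to:", disclosed_to(hits))
```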

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 5.0
(CVSS2#E:H/RL:U/RC:ND)
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 11480 (3com_config_disclosure.nasl)

Bugtraq ID: 7176

CVE ID: