Zope Invalid Query Path Disclosure

medium Nessus Plugin ID 11769

Synopsis

The remote web server contains an application server that is prone to an information disclosure attack.

Description

The remote Zope web server may be forced into disclosing its physical path when 'Examples/ShoppingCart/addItems' is called with a blank quantity.

Note that this install is also likely to be affected by several other vulnerabilities, although Nessus has not checked for them.

Solution

Delete the directory '/Examples'.

See Also

http://www.nessus.org/u?3b6ae986

Plugin Details

Severity: Medium

ID: 11769

File Name: zope_invalid_query_path_disclosure.nasl

Version: 1.17

Type: remote

Family: Web Servers

Published: 6/23/2003

Updated: 8/8/2018

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

Required KB Items: www/zope

Exploit Available: true

Exploit Ease: No exploit is required

Reference Information

BID: 7999