Stellar Docs Malformed Query Path Disclosure

medium Nessus Plugin ID 11817

Language:

Synopsis

The remote service is vulnerable to information disclosure.

Description

The remote host is running StellarDocs

There is a flaw in this system which may allow an attacker to obtain the physical path of the remote installation of StellarDocs.

Solution

Upgrade to the latest version of this software

See Also

https://www.securityfocus.com/archive/1/332565

Plugin Details

Severity: Medium

ID: 11817

File Name: stellardocs_path_disclosure.nasl

Version: 1.21

Type: remote

Family: CGI abuses

Published: 8/11/2003

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

Required KB Items: www/PHP

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: No exploit is required

Vulnerability Publication Date: 8/12/2003

Reference Information

BID: 8385