Microsoft IIS ODBC Tool getdrvrs.exe DSN Creation

high Nessus Plugin ID 11872

Language:

Synopsis

Sensitive data can be read or written on the remote host.

Description

ODBC tools are present on the remote host.

ODBC tools could allow a malicious user to hijack and redirect ODBC traffic, obtain SQL user names and passwords or write files to the local drive of a vulnerable server.

Example: http://www.example.com/scripts/tools/getdrvrs.exe

Solution

Remove ODBC tools from the /scripts/tools directory.

Plugin Details

Severity: High

ID: 11872

File Name: odbc_tools_check.nasl

Version: 1.19

Type: remote

Family: CGI abuses

Published: 10/8/2003

Updated: 1/19/2021

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Required KB Items: Settings/ParanoidReport

Vulnerability Publication Date: 1/1/1999

Detections

Analytics