Movable Type mt.cfg Information Disclosure

medium Nessus Plugin ID 16170

Synopsis

A web application running on the remote host is disclosing sensitive information.

Description

The remote host is running Movable Type. The file 'mt.cfg' is publicly accessible, and contains information that should not be exposed.

Solution

Configure your web server not to serve .cfg files.

Plugin Details

Severity: Medium

ID: 16170

File Name: movabletype_cfg.nasl

Version: 1.15

Type: remote

Family: CGI abuses

Published: 1/14/2005

Updated: 4/11/2022

Configuration: Enable paranoid mode, Enable thorough checks

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/a:sixapart:movable_type

Required KB Items: Settings/ParanoidReport, www/movabletype

Exploited by Nessus: true