Detections
Analytics

ListManager Error Message Information Disclosure

medium Nessus Plugin ID 20295

Language:

Synopsis

The remote web server is vulnerable to an information disclosure attack.

Description

The remote host appears to be running ListManager, a web-based commercial mailing list management application from Lyris.

In response to a request for a nonexistent page, the version of ListManager on the remote host returns sensitive information such as the installation path and software version as well as possibly SQL queries, code blocks, or the entire CGI environment.

Solution

Unknown at this time.

See Also

https://seclists.org/fulldisclosure/2005/Dec/374

Plugin Details

Severity: Medium

ID: 20295

File Name: listmanager_errormsg_info_disclosure.nasl

Version: 1.27

Type: remote

Family: CGI abuses

Published: 12/12/2005

Updated: 1/19/2021

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.3

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS:3.0/E:H/RL:U/RC:X

Vulnerability Information

Required KB Items: Settings/ParanoidReport

Exploit Available: true

Exploit Ease: No exploit is required

Exploited by Nessus: true

Vulnerability Publication Date: 12/8/2005

Reference Information

CVE: CVE-2005-4148, CVE-2005-4149

BID: 15789