Detections
Analytics

WebSpeed Development Mode Check

high Nessus Plugin ID 25087

Language:

Synopsis

The remote web server uses a web application framework that is operating in development mode.

Description

The remote web server is using WebSpeed, a website creation language used with database-driven websites.

The installation of WebSpeed on the remote host is configured to operate in 'Development' rather than 'Production' mode, which could allow users to discover sensitive information and even run uncompiled WebSpeed code on the affected host, subject to the privileges of the web server user id.

Solution

Change WebSpeed's Agent Application Mode to 'Production' if desired.

See Also

http://www.nessus.org/u?ebc8bc92

Plugin Details

Severity: High

ID: 25087

File Name: webspeed_devmode.nasl

Version: 1.16

Type: remote

Family: CGI abuses

Published: 4/26/2007

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Excluded KB Items: Settings/disable_cgi_scanning