This script is Copyright (C) 2012 Tenable Network Security, Inc.
A web development application hosted on the remote web server has a
security bypass vulnerability.
According to its self-reported version number, the version of
WaveMaker installed on the remote host has a security bypass
vulnerability. Any projects deployed with WaveMaker Studio before
6.4.6 are affected by this vulnerability. A remote attacker could
exploit this by requesting project services using unspecified URLs.
See also :
Upgrade to WaveMaker 6.4.6 or later.
Existing projects should be redeployed by WaveMaker Studio 6.4.6 or
later in order to address this issue. If redeployment is not
possible, consider the workaround referenced in the WaveMaker 6.4.6
Risk factor :
High / CVSS Base Score : 7.5
CVSS Temporal Score : 6.2
Public Exploit Available : true
Family: CGI abuses
Nessus Plugin ID: 60063 ()
Bugtraq ID: 54196