Detections
Analytics
AltaVista Intranet Search CGI query Traversal Arbitrary File Access
medium Nessus Plugin ID 10015
Synopsis
The remote host contains a CGI script that is affected by an information disclosure vulnerability.Description
It is possible to read the content of any files on the remote host (such as your configuration files or other sensitive data) by using the Altavista Intranet Search service, and performing the request:Solution
The vendor has released a patch that reportedly fixes this issue.See Also
https://seclists.org/bugtraq/1999/Dec/350
https://seclists.org/bugtraq/1999/Dec/371
https://seclists.org/bugtraq/2000/Jan/15
https://seclists.org/bugtraq/2000/Jan/122
http://doc.altavista.com/business_solutions/search_products/free_downloads/search_intranet.shtml
Plugin Details
Severity: Medium
ID: 10015
File Name: altavista_search.nasl
Version: 1.41
Type: remote
Family: CGI abuses
Published: 1/9/2000
Updated: 1/19/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 4.2
CVSS v2
Risk Factor: Medium
Base Score: 5
Temporal Score: 4.4
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N
Vulnerability Information
Excluded KB Items: Settings/disable_cgi_scanning
Vulnerability Publication Date: 12/29/1999
Reference Information
CVE: CVE-2000-0039
BID: 896