Multiple Web Server finger CGI Information Disclosure

Severity: Medium | Nessus Plugin ID 10071

Synopsis

An application on the remote web server is leaking information.

Description

The 'finger' CGI is installed. This can be used by a remote attacker to enumerate accounts on the system. Such information is typically valuable in conducting additional, more focused attacks.

Solution

Remove the script from /cgi-bin.

Plugin Details

Severity: Medium

ID: 10071

File Name: finger_cgi.nasl

Version: 1.34

Type: remote

Family: CGI abuses

Published: 6/22/1999

Updated: 1/19/2021

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

Required KB Items: Settings/ParanoidReport

Excluded KB Items: Settings/disable_cgi_scanning

Vulnerability Publication Date: 1/1/1995