WebActive HTTP Server active.log Remote Information Disclosure

medium Nessus Plugin ID 10470

Synopsis

The remote service is vulnerable to information disclosure.

Description

It is possible to obtain the remote WebActive logfile by requesting the file /active.log

An attacker may use this to obtain valuable information about your site, such as who visits it and how popular it is.

Solution

Use another web server, as WebActive is not maintained.
If you are using WindowsNT, then remove read access to this file.

Plugin Details

Severity: Medium

ID: 10470

File Name: webactive_log.nasl

Version: 1.23

Type: remote

Family: CGI abuses

Published: 7/16/2000

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

Exploit Ease: No exploit is required

Vulnerability Publication Date: 7/11/2000

Reference Information

CVE: CVE-2000-0642

BID: 1497

Detections

Analytics