Detections
Analytics

Muscat Empower CGI Malformed DB Parameter Path Disclosure

medium Nessus Plugin ID 10609

Synopsis

A web application running on the remote host has an information disclosure vulnerability.

Description

The remote host appears to be running Muscat Empower. It was possible to get the physical location of a virtual web directory by issuing the following command :

 GET /cgi-bin/empower?DB=whatever HTTP/1.0

A remote attacker could use this information to mount further attacks.

Solution

Upgrade to the latest version of this software.

See Also

https://seclists.org/bugtraq/2001/Feb/53

Plugin Details

Severity: Medium

ID: 10609

File Name: empower_path.nasl

Version: 1.29

Type: remote

Family: CGI abuses

Published: 2/13/2001

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 2/12/2001

Reference Information

CVE: CVE-2001-0224

BID: 2374