Microsoft Site Server Multiple Script Information Disclosure

medium Nessus Plugin ID 11018

Synopsis

The remote web server is affected by an information disclosure vulnerability.

Description

The remote web server seems to leak information when some pages are accessed using the account 'LDAP_AnonymousUser' with the password 'LdapPassword_1'.

Pages which leak information include, but are not limited to:

- /SiteServer/Admin/knowledge/persmbr/vs.asp
- /SiteServer/Admin/knowledge/persmbr/VsTmPr.asp
- /SiteServer/Admin/knowledge/persmbr/VsLsLpRd.asp
- /SiteServer/Admin/knowledge/persmbr/VsPrAuoEd.asp
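
To check whether this account has already been used against a server, the web server's own access logs can be reviewed. The following is an added example, not part of the Nessus plugin or the original page: it scans IIS W3C extended log text for requests under /SiteServer/Admin/ made as LDAP_AnonymousUser. The log field layout, the function name and the sample log lines are assumptions constructed for illustration.

```python
"""Flag IIS W3C log entries where the default Site Server account reaches admin pages."""

DEFAULT_ACCOUNT = "ldap_anonymoususer"   # account named in the plugin description
ADMIN_PREFIX = "/siteserver/admin/"      # parent of the pages listed above

# Constructed sample log (not real traffic); addresses are documentation ranges.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Server 4.0
#Fields: date time c-ip cs-username cs-method cs-uri-stem sc-status
2002-02-01 10:00:01 192.0.2.10 - GET /default.asp 200
2002-02-01 10:00:05 192.0.2.10 LDAP_AnonymousUser GET /SiteServer/Admin/knowledge/persmbr/vs.asp 200
2002-02-01 10:00:09 192.0.2.10 SRV01\\LDAP_AnonymousUser GET /siteserver/admin/knowledge/persmbr/VsTmPr.asp 200
2002-02-01 10:01:00 198.51.100.7 LDAP_AnonymousUser GET /SiteServer/Admin/knowledge/persmbr/VsLsLpRd.asp 401
2002-02-01 10:02:00 198.51.100.7 admin GET /SiteServer/Admin/knowledge/persmbr/VsPrAuoEd.asp 200
"""


def find_default_account_hits(log_text):
    """Return a list of dicts for admin-page requests made as the default account."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # field order can change mid-file
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        values = line.split()
        if len(values) != len(fields):
            continue                           # skip truncated or malformed rows
        row = dict(zip(fields, values))
        # IIS may log the user as DOMAIN\user; compare only the account part.
        user = row.get("cs-username", "-").rsplit("\\", 1)[-1].lower()
        stem = row.get("cs-uri-stem", "").lower()   # IIS paths are case-insensitive
        if user == DEFAULT_ACCOUNT and stem.startswith(ADMIN_PREFIX):
            status = row.get("sc-status", "")
            hits.append({
                "client": row.get("c-ip", "?"),
                "path": row["cs-uri-stem"],
                "status": status,
                # 2xx means the page was served to the default account.
                "served": status.startswith("2"),
            })
    return hits


if __name__ == "__main__":
    for hit in find_default_account_hits(SAMPLE_LOG):
        label = "SERVED" if hit["served"] else "denied"
        print(f'{label:6} {hit["client"]:15} {hit["status"]} {hit["path"]}')
```

Entries marked as served are the ones to investigate first; denied entries still show that someone tried the default account.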

Solution

Install SP4 for Site Server 3.0.

See Also

http://support.microsoft.com/default.aspx?scid=kb;EN-US;248840

https://marc.info/?l=vulnwatch&m=101235440104716&w=2

Plugin Details

Severity: Medium

ID: 11018

File Name: ms_siteserver_info_disclosure.nasl

Version: 1.29

Type: remote

Family: CGI abuses

Published: 6/8/2002

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.8

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

Required KB Items: www/ASP

Excluded KB Items: global_settings/supplied_logins_only

Exploit Available: true

Exploit Ease: No exploit is required

Vulnerability Publication Date: 1/30/2002

Reference Information

CVE: CVE-2002-1769

BID: 3998