Synopsis
The remote host has an application that is affected by multiple vulnerabilities.
Description
It is possible to retrieve the log of all the chat sessions that have occurred on the remote vchat server by requesting the file vchat/msg.txt.
An attacker may use this flaw to read past chat sessions and possibly harass their participants.
In addition to this, another flaw in the same product may allow an attacker to consume all the resources of the remote host by sending a long message to this module.
Solution
None at this time. Add a .htaccess file to prevent an attacker from obtaining this file.
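One way to write the .htaccess file suggested above, as an added example that is not part of the plugin text or the vendor's guidance. It assumes the server is Apache httpd, that the file is placed in the vchat/ directory, and that vchat itself reads the log from disk rather than over HTTP.

```apache
# vchat/.htaccess  (added example; location and Apache httpd are assumptions)
# Deny direct HTTP retrieval of the chat log named in the description.

<Files "msg.txt">
    # Apache 2.4 and later: authorization is handled by mod_authz_core
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>

    # Apache 2.2 and earlier: legacy host-based access control
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</Files>
```

These directives take effect only if the AllowOverride setting for that directory permits AuthConfig (for Require) or Limit (for Order/Deny); after deploying, a request for vchat/msg.txt should return 403. This restricts access to the log only and does not address the long-message resource exhaustion flaw described above.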
Plugin Details
File Name: vchat_logs.nasl
Supported Sensors: Nessus
Risk Information
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N
Vulnerability Information
Excluded KB Items: Settings/disable_cgi_scanning
Exploit Ease: No exploit is required