Synopsis
The remote service is vulnerable to information disclosure.
Description
The remote host is running the StockMan shopping cart.
There is a flaw in this version that could allow an attacker to obtain the physical path to the remote web root by requesting a nonexistent page through the 'shop.plx' CGI.
An attacker may use this flaw to gain more knowledge about the setup of the remote host.
Solution
Upgrade to StockMan Shopping Cart Version 7.9 or newer.
Plugin Details
File Name: stockman_shopping_cart_path_disclosure.nasl
Supported Sensors: Nessus
Risk Information
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N
Vulnerability Information
Excluded KB Items: Settings/disable_cgi_scanning