Kaspersky Anti-Spam Control Center Web Config aslic_status.cgi Directory Listing

High severity, Nessus Plugin ID 25626

Synopsis

The remote web server is affected by an information disclosure vulnerability.

Description

The version of the Kaspersky Anti-Spam Control Center installed on the remote host is affected by an information disclosure vulnerability due to a failure to require authentication for access to directories under the service's document root. An unauthenticated, remote attacker can exploit this to obtain sensitive information from the remote host.

Note that the Control Center listens only on the loopback interface by default.

Solution

Apply Critical Fix 1 for Kaspersky Anti-Spam 3.0 MP1.

Plugin Details

Severity: High

ID: 25626

File Name: kaspersky_antispam_unauth_access.nasl

Version: 1.20

Type: remote

Family: CGI abuses

Published: 6/29/2007

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:kaspersky_lab:kaspersky_anti-spam

Exploit Ease: No known exploits are available

Exploited by Nessus: true

Vulnerability Publication Date: 6/28/2007

Reference Information

CVE: CVE-2007-3502

BID: 24692