NAI WebShield SMTP GET_CONFIG Information Disclosure

medium Nessus Plugin ID 10424

Synopsis

The remote management service is prone to information disclosure.

Description

The remote NAI WebShield SMTP Management tool gives away its configuration when it is issued the command :

GET_CONFIG

This may be of some use to an attacker to gain more knowledge about this system.

Solution

Filter incoming traffic to this port. You may also restrict the set of trusted hosts in the configuration console :
- go to the 'server' section
- select the 'trusted clients' tab
- and set the data accordingly

Plugin Details

Severity: Medium

ID: 10424

File Name: nai_webshield_info.nasl

Version: 1.21

Type: remote

Family: Misc.

Published: 5/27/2000

Updated: 7/17/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 2.7

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 5/25/2000

Reference Information

CVE: CVE-2000-0448

BID: 1253

Detections

Analytics