3com RAS 1500 Configuration Disclosure

Medium Nessus Plugin ID 11480


Synopsis

The remote host is susceptible to an information disclosure attack.


Description

The remote 3com SuperStack II Remote Access System 1500 discloses its user configuration (user_settings.cfg) when the file is requested through the web interface. The file is transmitted in cleartext and contains the password of the device as well as other sensitive information.

An attacker may use this flaw to gain control of this host.


Solution

Filter incoming traffic to this host.

Plugin Details

Severity: Medium

ID: 11480

File Name: 3com_config_disclosure.nasl

Version: $Revision: 1.17 $

Type: remote

Family: Misc.

Published: 2003/03/26

Modified: 2016/11/15

Dependencies: 10107, 10386

Risk Information

Risk Factor: Medium


Base Score: 5

Temporal Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:H/RL:U/RC:ND

Vulnerability Information

Exploit Available: true

Exploit Ease: No exploit is required

Reference Information

BID: 7176

OSVDB: 50430

Secunia: 8402