Movable Type mt-check.cgi System Information Disclosure

Medium Nessus Plugin ID 42842

Synopsis

A web application on the remote host may leak information.

Description

The Movable Type installation on the remote web server is leaking information via mt-check.cgi. This CGI determines if the Perl modules required by Movable Type are installed, and is only intended to be used prior to installation. It discloses path information, operating system type, Perl version, and the versions of several Perl modules. A remote attacker could use this information to mount further attacks.

Solution

Remove this file from the web server.

See Also

https://www.tenable.com/security/research/tra-2009-03

Plugin Details

Severity: Medium

ID: 42842

File Name: movabletype_mtcheckcgi_info_leak.nasl

Version: 1.12

Type: remote

Family: CGI abuses

Published: 2009/11/18

Updated: 2018/06/14

Dependencies: 39537

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 5

Temporal Score: 4.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:F/RL:TF/RC:ND

Vulnerability Information

CPE: cpe:/a:sixapart:movable_type

Required KB Items: www/movabletype

Reference Information