Movable Type mt-check.cgi System Information Disclosure

medium Nessus Plugin ID 42842

Synopsis

A web application on the remote host may leak information.

Description

The Movable Type installation on the remote web server is leaking information via mt-check.cgi. This CGI determines if the Perl modules required by Movable Type are installed, and is only intended to be used prior to installation. It discloses path information, operating system type, Perl version, and the versions of several Perl modules. A remote attacker could use this information to mount further attacks.

Solution

Remove this file from the web server.

See Also

https://www.tenable.com/security/research/tra-2009-03

Plugin Details

Severity: Medium

ID: 42842

File Name: movabletype_mtcheckcgi_info_leak.nasl

Version: 1.13

Type: remote

Family: CGI abuses

Published: 11/18/2009

Updated: 1/19/2021

Dependencies: movabletype_detect.nasl

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.3

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: E:F/RL:TF/RC:ND

Vulnerability Information

CPE: cpe:/a:sixapart:movable_type

Required KB Items: www/movabletype

Reference Information