Detections
Analytics

Movable Type mt-check.cgi System Information Disclosure

medium Nessus Plugin ID 42842

Language:

Synopsis

A web application on the remote host may leak information.

Description

The Movable Type installation on the remote web server is leaking information via mt-check.cgi. This CGI determines if the Perl modules required by Movable Type are installed, and is only intended to be used prior to installation. It discloses path information, operating system type, Perl version, and the versions of several Perl modules. A remote attacker could use this information to mount further attacks.

Solution

Remove this file from the web server.

See Also

https://www.tenable.com/security/research/tra-2009-03

Plugin Details

Severity: Medium

ID: 42842

File Name: movabletype_mtcheckcgi_info_leak.nasl

Version: 1.15

Type: remote

Family: CGI abuses

Published: 11/18/2009

Updated: 6/5/2024

Configuration: Enable thorough checks (optional)

Supported Sensors: Nessus

Enable CGI Scanning: true

Vulnerability Information

CPE: cpe:/a:sixapart:movable_type

Required KB Items: www/movabletype

Excluded KB Items: Settings/disable_cgi_scanning

Reference Information