StrongHold < 3.0 build 3015 File System Disclosure

Medium Nessus Network Monitor Plugin ID 1474

Synopsis

The remote web server (RedHat StrongHold Web server) allows anyone to disclose sensitive system files, including httpd.conf, by requesting the URLs /stronghold-info and /stronghold-status.

Description

The remote web server (RedHat StrongHold Web server) allows anyone to disclose sensitive system files, including httpd.conf, by requesting the URLs /stronghold-info and /stronghold-status. An attacker may use this flaw to gain more detailed knowledge of the remote host and mount more focused attacks.

Solution

Upgrade to version 3.0 build 3015 or higher.

Plugin Details

Severity: Medium

ID: 1474

File Name: 1474.prm

Family: Web Servers

Published: 2004/08/20

Modified: 2016/01/22

Dependencies: 1442

Nessus ID: 10803

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 5

Temporal Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:H/RL:U/RC:C

CVSSv3

Base Score: 5.3

Temporal Score: 5.3

Vector: CVSS3#AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS3#E:H/RL:U/RC:C

Reference Information

CVE: CVE-2001-0868

BID: 3577

OSVDB: 17086, 670