Savant < 3.0 GET Request CGI Source Disclosure

Nessus Network Monitor Plugin ID 1518 (Medium)

Synopsis

The remote Savant Web Server can be forced by an attacker to display the content of the CGIs it runs instead of the output of their execution.

Description

The remote Savant Web Server can be forced by an attacker to display the content of the CGIs it runs instead of the output of their execution. An attacker may use this flaw to view the source code of your scripts or to get a copy of your binary CGIs.

Solution

Upgrade to Savant 3.x or higher.

Plugin Details

Severity: Medium

ID: 1518

File Name: 1518.prm

Family: Web Servers

Published: 2004/08/18

Modified: 2016/11/23

Dependencies: 1442

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSSv3

Base Score: 5.3

Temporal Score: 4.9

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS3#E:F/RL:O/RC:C

Reference Information

CVE: CVE-2000-0521

BID: 1313

OSVDB: 517