Network Query Tool Detection

Medium Nessus Network Monitor Plugin ID 2743

Synopsis

The remote host may give an attacker information useful for future attacks.

Description

The remote host is running the Network Query Tool CGI script. This script allows anonymous, remote users to perform port scans, whois, DNS queries, ping, traceroute, and more via a web interface. An attacker coming upon this application would be able to use the script to perform discovery scanning against any range of addresses. This would include, but not be limited to, internal IP ranges.

Solution

Ensure that this application is valid with respect to corporate policies and guidelines. If the application is required, consider using Access Control Lists (ACLs) or other security measures to block unauthorized usage.

Plugin Details

Severity: Medium

ID: 2743

File Name: 2743.prm

Family: CGI

Published: 2005/03/23

Modified: 2016/01/15

Dependencies: 1442

Risk Information

Risk Factor: Medium