
StrongHold < 3.0 build 3015 File System Disclosure

Medium

Synopsis

The remote web server (RedHat StrongHold Web server) allows anyone to disclose sensitive system files, including httpd.conf, by requesting the URLs /stronghold-info and /stronghold-status.

Description

The remote web server (RedHat StrongHold Web server) allows anyone to disclose sensitive system files, including httpd.conf, by requesting the URLs /stronghold-info and /stronghold-status. An attacker may use this flaw to gain more detailed knowledge of the remote host and mount more focused attacks.

Solution

Upgrade to version 3.0 build 3015 or higher.
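
To check whether the two URLs above have already been served to clients, the access log can be reviewed for successful responses on those paths. The following is an added example, not part of the original advisory or of any vendor tooling; it assumes the server writes Apache Common/Combined Log Format, and the function names and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# The two paths named in the advisory.
EXPOSED_PATHS = {"/stronghold-info", "/stronghold-status"}

# Assumption: Apache Common/Combined Log Format.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

def normalize(target):
    """Drop query/fragment, percent-decode, collapse slashes, strip trailing slash."""
    path = unquote(target.split("?", 1)[0].split("#", 1)[0])
    path = re.sub(r"/{2,}", "/", path)
    return path.rstrip("/") or "/"

def find_disclosures(lines):
    """Map client -> [(timestamp, path)] for 2xx responses on the exposed paths."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line in the assumed format
        path = normalize(m["target"])
        # Only 2xx counts: a 403/404 means the page content was not returned.
        if path in EXPOSED_PATHS and m["status"].startswith("2"):
            hits[m["client"]].append((m["ts"], path))
    return dict(hits)

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Mar/2002:10:01:02 +0000] "GET /stronghold-info HTTP/1.0" 200 18342',
    '192.0.2.10 - - [12/Mar/2002:10:01:05 +0000] "GET /stronghold-status?a=1 HTTP/1.0" 200 912',
    '198.51.100.7 - - [12/Mar/2002:10:02:11 +0000] "GET /stronghold-info HTTP/1.0" 403 210',
    '198.51.100.7 - - [12/Mar/2002:10:02:15 +0000] "GET /index.html HTTP/1.0" 200 5120',
    '203.0.113.5 - - [12/Mar/2002:10:03:40 +0000] "GET /%73tronghold-status/ HTTP/1.0" 200 912',
]

if __name__ == "__main__":
    for client, events in find_disclosures(SAMPLE_LOG).items():
        print(client, events)
```

Any client reported here received the page contents, so the configuration details those pages expose should be treated as known to that client.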