Detections
Analytics

myServer Multiple Vulnerabilities

low Nessus Network Monitor Plugin ID 2892

Synopsis

The remote host is running a vulnerable version of myServer.

Description

The remote host is running myServer 0.8.0 or older. There is a flaw in the remote version of this software that may allow an attacker to list directories or execute a Cross-Site Scripting (XSS) attack. The first flaw would allow an attacker access to potentially confidential data via a directory listing. The second flaw would require the attacker to be able to convince a user to browse a malicious URI. Successful exploitation would result in the attacker being able to retrieve potentially confidential data (such as authentication cookies).

Solution

Upgrade or patch according to vendor recommendations.

Plugin Details

Severity: Low

ID: 2892

Family: Web Servers

Published: 5/10/2005

Updated: 3/6/2019

Nessus ID: 18218

Risk Information

VPR

Risk Factor: Low

Score: 3.8

CVSS v2

Risk Factor: Low

Base Score: 2.6

Temporal Score: 2.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N

CVSS v3

Risk Factor: Low

Base Score: 3.7

Temporal Score: 3.7

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS:3.0/E:H/RL:U/RC:X

Reference Information

CVE: CVE-2005-1658, CVE-2005-1659

BID: 13578, 13579