Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | |||
Test Kennung: | 1.3.6.1.4.1.25623.1.0.14305 |
Kategorie: | Web application abuses |
Titel: | BasiliX Arbitrary File Disclosure Vulnerability |
Zusammenfassung: | The remote web server contains a PHP script that is prone to information;disclosure.;;Description :;;The remote host appears to be running a BasiliX version 1.1.0 or lower. Such versions allow retrieval of arbitrary;files that are accessible to the web server user when sending a message since they accept a list of attachment;names from the client yet do not verify that the attachments were in fact uploaded.;;Further, since these versions do not sanitize input to the 'login.php3' script, it's possible for an attacker to;establish a session on the target without otherwise having access there by authenticating against an IMAP server;of his or her choosing. |
Beschreibung: | Summary: The remote web server contains a PHP script that is prone to information disclosure. Description : The remote host appears to be running a BasiliX version 1.1.0 or lower. Such versions allow retrieval of arbitrary files that are accessible to the web server user when sending a message since they accept a list of attachment names from the client yet do not verify that the attachments were in fact uploaded. Further, since these versions do not sanitize input to the 'login.php3' script, it's possible for an attacker to establish a session on the target without otherwise having access there by authenticating against an IMAP server of his or her choosing. Solution: Upgrade to BasiliX version 1.1.1 or later. CVSS Score: 3.6 CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:N |
Querverweis: |
BugTraq ID: 5062 Common Vulnerability Exposure (CVE) ID: CVE-2002-1710 http://www.securityfocus.com/bid/5062 Bugtraq: 20020618 BasiliX multiple vulnerabilities (Google Search) http://archive.cert.uni-stuttgart.de/archive/bugtraq/2002/06/msg00247.html http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0117.html XForce ISS Database: basilix-webmail-attach-files(9386) https://exchange.xforce.ibmcloud.com/vulnerabilities/9386 |
Copyright | This script is Copyright (C) 2004 George A. Theall |
Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |