Sambar Server dumpenv.pl Information Disclosure

medium Nessus Plugin ID 10060

Synopsis

The remote host has a CGI script that is affected by information disclosure vulnerability.

Description

CGI script 'dumpenv.pl' is installed on the remote host. This CGI gives away too much information about the web server configuration, which will help an attacker.

Solution

Remove it from /cgi-bin.

Plugin Details

Severity: Medium

ID: 10060

File Name: dumpenv.nasl

Version: 1.34

Type: remote

Family: CGI abuses

Published: 6/22/1999

Updated: 1/19/2021

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

Required KB Items: Settings/ParanoidReport

Vulnerability Publication Date: 6/10/1998

Reference Information

CVE: CVE-1999-1178