rpm_query CGI System Information Disclosure

medium Nessus Plugin ID 10340

Synopsis

The remote web server is affected by an information disclosure vulnerability.

Description

The rpm_query CGI is installed.

This CGI allows anyone who can connect to this web server to obtain the list of the installed RPMs.

This lets an attacker determine the version numbers of your installed services, which makes their attacks more accurate.

Solution

Remove this CGI from the cgi-bin/ directory.

Plugin Details

Severity: Medium

ID: 10340

File Name: rpm_query.nasl

Version: 1.26

Type: remote

Family: CGI abuses

Published: 3/7/2000

Updated: 1/19/2021

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.3

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

Required KB Items: Settings/ParanoidReport

Exploit Ease: No exploit is required

Vulnerability Publication Date: 3/5/2000

Reference Information

CVE: CVE-2000-0192

BID: 1036