Sawmill File Access Information Disclosure

Nessus Plugin ID 10453 (medium severity)

Synopsis

An application running on the remote web server is affected by an information disclosure vulnerability.

Description

The remote web server is affected by an information disclosure vulnerability due to improper validation of user-supplied input to the 'rfcf' parameter. An unauthenticated, remote attacker can exploit this, via a crafted request, to disclose the first line of arbitrary files on the remote host.

Solution

Upgrade Sawmill to the latest available version.

Plugin Details

Severity: Medium

ID: 10453

File Name: sawmill.nasl

Version: 1.34

Type: remote

Family: CGI abuses

Published: 6/27/2000

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/a:sawmill:sawmill

Required KB Items: installed_sw/Sawmill

Exploit Ease: No exploit is required

Exploited by Nessus: true

Vulnerability Publication Date: 6/26/2000

Reference Information

CVE: CVE-2000-0588

BID: 1402