MondoSearch MsmMask.exe Arbitrary Script Source Disclosure

medium Nessus Plugin ID 11163

Synopsis

The remote web server is hosting a CGI application that is affected by an information disclosure vulnerability.

Description

The msmmask.exe CGI is installed. Some versions allow an attacker to read the source of any file in your web server's directories by using the 'mask' parameter.

Solution

Upgrade your MondoSearch to version 4.4.5156 or later.

Plugin Details

Severity: Medium

ID: 11163

File Name: msmmask.nasl

Version: 1.25

Type: remote

Family: CGI abuses

Published: 11/25/2002

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.5

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

Required KB Items: www/ASP

Excluded KB Items: Settings/disable_cgi_scanning

Vulnerability Publication Date: 10/10/2002

Reference Information

CVE: CVE-2002-1528

Detections

Analytics