Synchrologic Email Accelerator aggregate.asp User Account Disclosure

medium Nessus Plugin ID 11657

Language:

Synopsis

The remote host has an application that is affected by an information disclosure vulnerability.

Description

The remote host seems to be running Synchrologic Email Accelerator Synchrologic is a product which allows remote PDA users to sync with email, calendar, etc.

If this server is on an Internet segment (as opposed to internal), you may wish to tighten the access to the aggregate.asp page.

The server allows anonymous users to look at Top Network user IDs Example : http://IP_ADDRESS/en/admin/aggregate.asp

Solution

Unknown at this time.

Plugin Details

Severity: Medium

ID: 11657

File Name: synchrologic_detect.nasl

Version: 1.20

Type: remote

Family: CGI abuses

Published: 5/28/2003

Updated: 5/28/2024

Configuration: Enable thorough checks

Asset Inventory: true

Supported Sensors: Nessus

Risk Information

CVSS Score Rationale: Information disclosure

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: manual

Vulnerability Information

CPE: x-cpe:/a:articatech:artica

Required KB Items: www/ASP

Excluded KB Items: Settings/disable_cgi_scanning