IlohaMail Multiple Configuration Files Remote Information Disclosure

medium Nessus Plugin ID 16142

Synopsis

The remote web server is affected by an information disclosure vulnerability.

Description

The target is running at least one instance of IlohaMail that allows anyone to retrieve its configuration files over the web. These files may contain sensitive information. For example, conf/conf.inc may hold a username / password used for SMTP authentication.

Solution

Upgrade to IlohaMail version 0.8.14-rc2 or later or reinstall following the 'Proper Installation' instructions in the INSTALL document.

See Also

https://seclists.org/bugtraq/2005/Jan/118

Plugin Details

Severity: Medium

ID: 16142

File Name: ilohamail_conf_files_readable.nasl

Version: 1.16

Type: remote

Family: CGI abuses

Published: 1/12/2005

Updated: 1/19/2021

Supported Sensors: Nessus

Vulnerability Information

Exploit Available: true

Exploit Ease: No exploit is required

Vulnerability Publication Date: 1/11/2005

Reference Information

BID: 12252