Detections
Analytics

HP Ignite-UX TFTP /etc/pass File Disclosure

medium Nessus Plugin ID 19509

Language:

Synopsis

The remote TFTP daemon has an information disclosure vulnerability.

Description

The remote host has a vulnerable version of the HP Ignite-UX application installed that exposes the /etc/passwd file to anonymous TFTP access. A remote attacker could use this information to mount further attacks.

Solution

Apply the appropriate vendor patch.

See Also

http://research.corsaire.com/advisories/c041123-001.txt

Plugin Details

Severity: Medium

ID: 19509

File Name: tftp_files_hp_ignite_ux_passwd.nasl

Version: 1.15

Type: remote

Family: Misc.

Published: 8/26/2005

Updated: 8/22/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.0

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

Required KB Items: Services/udp/tftp

Excluded KB Items: tftp/backdoor

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 8/16/2005

Reference Information

CVE: CVE-2004-0951

BID: 14568