Kayako SupportSuite syncml/index.php Direct Request Remote Information Disclosure

Medium severity, Nessus Plugin ID 30053

Synopsis

The remote web server contains a PHP application that is affected by an information disclosure issue.

Description

The version of Kayako SupportSuite installed on the remote host returns PHP's '$_SERVER' superglobal variable in response to a request for Kayako's 'syncml/index.php' page. This variable contains information about the remote web server, some of which might be sensitive.

Solution

Unknown at this time.

See Also

http://www.waraxe.us/advisory-63.html

https://www.securityfocus.com/archive/1/486762/30/0/threaded

Plugin Details

Severity: Medium

ID: 30053

File Name: kayako_syncml_info_disclosure.nasl

Version: 1.18

Type: remote

Family: CGI abuses

Published: 1/23/2008

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 2.7

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/a:kayako:supportsuite

Required KB Items: www/kayako_supportsuite, www/PHP

Excluded KB Items: Settings/disable_cgi_scanning

Exploited by Nessus: true

Reference Information

CVE: CVE-2008-0395

CWE: 200