Detections
Analytics
Kayako SupportSuite syncml/index.php Direct Request Remote Information Disclosure
medium Nessus Plugin ID 30053
Language:
Synopsis
The remote web server contains a PHP application that is affected by an information disclosure issue.Description
The version of Kayako SupportSuite installed on the remote host returns PHP's '$_SERVER' superglobal variable in response to a request for Kayako's 'syncml/index.php' page. This variable contains information about the remote web server, some of which might be sensitive.Solution
Unknown at this time.See Also
http://www.waraxe.us/advisory-63.html
https://www.securityfocus.com/archive/1/486762/30/0/threaded
Plugin Details
Severity: Medium
ID: 30053
File Name: kayako_syncml_info_disclosure.nasl
Version: 1.18
Type: remote
Family: CGI abuses
Published: 1/23/2008
Updated: 4/11/2022
Configuration: Enable thorough checks
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Low
Score: 2.7
CVSS v2
Risk Factor: Medium
Base Score: 5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N
Vulnerability Information
CPE: cpe:/a:kayako:supportsuite
Required KB Items: www/kayako_supportsuite, www/PHP
Excluded KB Items: Settings/disable_cgi_scanning
Exploited by Nessus: true
Reference Information
CVE: CVE-2008-0395
CWE: 200