Symantec Data Center Security Server 'environment.jsp' Information Disclosure (SYM15-001)

medium Nessus Plugin ID 81551

Synopsis

The remote host is affected by an information disclosure vulnerability.

Description

The Symantec Data Center Security Server running on the remote host is affected by an information disclosure vulnerability in the '/webui/admin/environment.jsp' script, which discloses sensitive information about the server and software configuration.

Solution

Upgrade to Symantec Data Center Security version 6.0 MP1, and apply the protection policy modifications described in the vendor advisory.

See Also

http://www.nessus.org/u?0364a137

Plugin Details

Severity: Medium

ID: 81551

File Name: symantec_dcs_cve_2014_9225.nasl

Version: 1.8

Type: remote

Family: CGI abuses

Published: 2/26/2015

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: Medium

Base Score: 4

Temporal Score: 3.1

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS Score Source: CVE-2014-9225

Vulnerability Information

CPE: cpe:/a:symantec:critical_system_protection

Required KB Items: installed_sw/Symantec Data Center Security Server

Exploit Available: true

Exploit Ease: No exploit is required

Exploited by Nessus: true

Patch Publication Date: 1/19/2015

Vulnerability Publication Date: 1/19/2015

Reference Information

CVE: CVE-2014-9225

BID: 72094