Tenable Network Security
Solutions Products Nessus Demos Partners Online Store
Nessus
Download
Plugins
     Newest Plugins
     Obtain an activation code
     View all plugins
     Search
Documentation
Register
Buy Now
ProfessionalFeed Support
Bugs
All the Tenable Products

Informix webdriver CGI Unauthenticated Database Access
This script is Copyright (C) 2000-2010 Tenable Network Security, Inc.

FamilyCGI abuses
Nessus Plugin ID10592 (webdriver.nasl)
Bugtraq ID2166
CVE ID

Description:
Synopsis :

The remote web server contains a CGI script that may fail to restrict
access to an installed database.

Description :

The remote host may be running Informix Webdriver, a web-to-database
interface. If not configured properly, this CGI script may give an
unauthenticated attacker the ability to modify and even delete
databases on the remote host.

*** Nessus relied solely on the presence of this CGI
it did not
*** try to determine if the installed version is vulnerable to
*** that problem.

See also :

http://archives.neohapsis.com/archives/bugtraq/2001-01/0002.html
http://archives.neohapsis.com/archives/bugtraq/2001-01/0043.html

Solution :

Consult the product documentation to properly configure the script.

Risk factor :

Medium / CVSS Base Score : 5.1
(CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P)
About us | Whitepapers | Training | Discussion Forums | Support Portal | Blog | RSS feeds | Contact us | Legal | Privacy

© Copyright 2002 - 2010 Tenable Network Security(R). All Rights Reserved.

This is the web site for the Nessus Vulnerability Scanner from Tenable Network Security. If you are looking for the probabilistic analysis software from Southwest Research Institute, please visit www.nessus.swri.org