NaviCOPA ::$DATA Extension Request Source Code Disclosure

This script is Copyright (C) 2009-2010 Tenable Network Security, Inc.

| Family | Web Servers |
| Nessus Plugin ID | 41646 (navicopa_source_data.nasl) |
| Bugtraq ID | |
| CVE ID | CVE-2009-3646 |

Description:
Synopsis :
The remote web server is affected by an information disclosure
vulnerability.
Description :
The installed version of the NaviCOPA web server software on the
remote host returns the source of scripts hosted on it when '::$DATA'
is appended to the request URL. A remote attacker can leverage this
issue to view the source code of CGIs and possibly obtain passwords
and other sensitive information from this host.
Solution :
Upgrade to NaviCOPA 3.01.2 from 17th September 2009 or later as that
reportedly addresses the issue.
Risk factor :
Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
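
To check whether a host has already received such requests, the access log can be searched for request paths ending in '::$DATA'. The following is an added example, not part of the Nessus plugin or of NaviCOPA; it assumes the server's access log is in Common Log Format, and the sample lines, addresses and script paths are constructed.

```python
import re
from urllib.parse import unquote

# Assumed log layout (Common Log Format):
# host ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')
STREAM_SUFFIX = "::$data"

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_stream_requests(lines):
    """Return (client, path, status, served) for each request whose path
    ends in ::$DATA. served is True when the server answered 2xx, which
    means the response body should be reviewed for disclosed source."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        client, _method, target, status = m.groups()
        # Only the path is checked; the query string is cut off first.
        path = decode_fully(target.split("?", 1)[0])
        if path.lower().endswith(STREAM_SUFFIX):
            hits.append((client, path, int(status), status.startswith("2")))
    return hits

# Constructed sample log lines (documentation address ranges, made-up paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Oct/2009:10:00:01 +0000] "GET /cgi-bin/login.php HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Oct/2009:10:00:05 +0000] "GET /cgi-bin/login.php::$DATA HTTP/1.1" 200 2048',
    '198.51.100.7 - - [01/Oct/2009:10:00:09 +0000] "GET /index.pl%3A%3A%24data?x=1 HTTP/1.1" 404 0',
    '203.0.113.4 - - [01/Oct/2009:10:00:12 +0000] "GET /search?q=::$DATA HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for client, path, status, served in find_stream_requests(SAMPLE_LOG):
        print(f"{client} {path} {status} {'SERVED' if served else 'rejected'}")
```

Any hit marked as served points to a script whose source may have been returned, so credentials embedded in that script should be rotated after upgrading.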