GEN:SID 1:2138
Message WEB-MISC logicworks.ini access
Summary This event is generated when an attempt is made to access a configuration file for the php application Web-ERP.
Impact Information disclosure.
Detailed Information This event indicates that an attempt has been made to access a configuration file for the php application Web-ERP.

Versions of the web based accounting system Web-ERP do not sufficiently protect the application configuration files. This could lead to sensitive information being disclosed to an unauthorized user.

This rule generates an event if a request is made for the configuration file "logicworks.ini".
Affected Systems Web-ERP Web-ERP 0.1.4
Attack Scenarios An attacker can gain access to the application configuration by making a simple web request. The attacker might then use the information in further attacks against the host.
Ease of Attack Simple. No exploit software required.
Corrective Action Upgrade to the latest non-affected version of the software.
Additional References  
Rule References bugtraq: 6996
nessus: 11639