GEN:SID | 1:2000 |
Message | WEB-PHP readmsg.php access |
Summary | This event is generated when a remote user attempts to access readmsg.php on a web server. This may indicate an attempt to exploit a directory traversal vulnerability in the WebMail application on Sun Microsystems' Cobalt Qube 3.0 server appliance.
|
Impact | Information gathering.
|
Detailed Information | This event may indicate an attempt to exploit a vulnerability in the WebMail application used by Sun Microsystems' Cobalt Qube 3.0 server appliance. An attacker can use directory traversal techniques when accessing readmsg.php to view hidden files and directories on the web server with the access privileges of the server.
|
Affected Systems | Any Cobalt Qube 3.0 server appliance running Cobalt Qube Webmail 2.0.1.
|
Attack Scenarios | An attacker can use directory traversal techniques when executing readmsg.php to view directories and files on the Cobalt server.
|
Ease of Attack | Simple. Exploits exist.
|
Corrective Action | Upgrade to the newest version of the software. Sun Microsystems has released a patch (Qube3-ml-Security-2.0.1-10626.pkg) that can be downloaded from ftp://ftp.cobalt.com/.
|
Additional References | Bugtraq http://www.securityfocus.com/bid/2987
CVE http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=CAN-2001-1408
Nessus http://cgi.nessus.org/plugins/dump.php3?id=11073
|
Rule References | cve: 2001-1408
nessus: 11073
|