GEN:SID | 1:1159 |
Message | WEB-MISC webplus access |
Summary | This event is generated when an attempt is made to access the webplus CGI script.
|
Impact | Information Gathering.
|
Detailed Information | Some versions of TalentSoft Web+ contain vulnerabilities that can allow arbitrary files to be read or executed by an attacker. Disclosure of script source code is also possible.
|
Affected Systems | TalentSoft Web+
|
Attack Scenarios | An attacker needs to supply a malicious request to the server containing webplus?script.
|
Ease of Attack | Simple. No exploit software required.
|
Corrective Action | Upgrade to the latest non-affected version of the software.
Apply any appropriate vendor supplied patches.
Check the host for signs of compromise.
|
Additional References | |
Rule References | bugtraq: 1174
bugtraq: 1720
bugtraq: 1722
bugtraq: 1725
cve: 2000-1005
|