GEN:SID | 1:2199 |
Message | WEB-CGI multidiff.cgi access |
Summary | This event is generated when an attempt is made to access multidiff.cgi on an internal web server. This may indicate an attempt to exploit an information disclosure vulnerability in Mozilla Bonsai 1.3.
|
Impact | Information gathering.
|
Detailed Information | Mozilla Bonsai, a CVS query tool, contains an information disclosure vulnerability in multidiff.cgi. An attacker can discover the location of the Mozilla Bonsai application by sending a malformed request to the application, which produces an error. The error message shows the full path of the multidiff.cgi file, providing the attacker with information about the server directory structure.
|
Affected Systems | Any system running Mozilla Bonsai 1.3.
|
Attack Scenarios | An attacker sends an erroneous request to multidiff.cgi on the Bonsai server. The error message returns the full path of the script, allowing the attacker to discover more information about the server directory structure for possible use in later attacks.
|
Ease of Attack | Simple. Proof of concept exists.
|
Corrective Action | Upgrade to a newer build of Mozilla Bonsai 1.3.
If you are running Mozilla Bonsai on Debian 3.0, Debian has provided patches at http://security.debian.org/pool/updates/main/b/bonsai/.
|
Additional References | Bugtraq http://www.securityfocus.com/bid/5517
|
Rule References | bugtraq: 4579
bugtraq: 5517
cve: 2003-0153
nessus: 11748
|