GEN:SID | 1:2059 |
Message | WEB-MISC MsmMask.exe access |
Summary | MsmMask.exe
|
Impact | Information disclosure
|
Detailed Information | Versions of MondoSearch prior to 4.4.5156 use a vulnerable version of a cgi script named msmmask.exe. This script allows the attacker to view the source of any file in a webservers root directory.
vulnerabilities using the security scanner nessus.
|
Affected Systems | MondoSearch versions prior to 4.4.5156.
|
Attack Scenarios | The attacker needs to access the msmmask.exe script and request a file in the servers web directory.
|
Ease of Attack | Simple
|
Corrective Action | Upgrade the application to at least version 4.4.5156 or higher.
|
Additional References | Nessus: http://cgi.nessus.org/plugins/dump.php3?id=11163
|
Rule References | nessus: 11163
|