BasiliX Attachment Disclosure Vulnerability

Summary
The remote web server contains a series of PHP scripts that are prone to information disclosure.
Description
The remote host appears to be running BasiliX version 1.1.0 or lower. Such versions save attachments by default under '/tmp/BasiliX', which is world-readable and apparently never emptied by BasiliX itself. As a result, anyone who has shell access to the affected system, or who can place CGI files on it, can access attachments uploaded to BasiliX.
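A local check for the exposure described above, added here as an example and not taken from BasiliX or from the scanner plugin. The function names and the one-day staleness threshold are assumptions; '/tmp/BasiliX' is the default path named in the description.

```shell
#!/bin/sh
# Added example: audit a webmail attachment spool for world-readable leftovers.
# Default path is the one named in the advisory; function names are assumptions.

# List regular files under $1 whose mode grants read access to "other".
world_readable_files() {
    find "$1" -type f -perm -004 2>/dev/null
}

# Return 0 if "other" may list (r) or traverse (x) the directory $1 itself.
dir_open_to_others() {
    [ -n "$(find "$1" -maxdepth 0 -type d \( -perm -004 -o -perm -001 \) 2>/dev/null)" ]
}

# List files not modified for more than $2 days: leftovers nothing cleaned up.
stale_files() {
    find "$1" -type f -mtime +"$2" 2>/dev/null
}

# Report findings for spool $1 (default /tmp/BasiliX); return 1 if exposed.
audit_spool() {
    spool=${1:-/tmp/BasiliX}
    max_days=${2:-1}
    exposed=0
    if [ ! -d "$spool" ]; then
        echo "OK: $spool does not exist"
        return 0
    fi
    if dir_open_to_others "$spool"; then
        echo "EXPOSED: directory $spool is accessible to other local users"
        exposed=1
    fi
    readable=$(world_readable_files "$spool")
    if [ -n "$readable" ]; then
        echo "EXPOSED: world-readable attachments:"
        echo "$readable" | sed 's/^/  /'
        exposed=1
    fi
    stale=$(stale_files "$spool" "$max_days")
    if [ -n "$stale" ]; then
        echo "NOTE: $(echo "$stale" | wc -l) file(s) older than $max_days day(s)"
    fi
    return "$exposed"
}
```

Source the file and call `audit_spool` with no arguments to check the default path, or pass another directory and an age threshold in days.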
Solution
Upgrade to BasiliX version 1.1.1 or later.