Summary
The host is installed with DotNetNuke and is prone to Information Disclosure Vulnerability.
Impact
Successful exploitation will let the attacker obtain sensitive information and attacker can use this information for further attacks.
Impact Level: System/Application
Solution
Update to version 5.2.0 or later,
For updates refer to http://www.dotnetnuke.com/
Insight
The flaw exists due to install wizard insecurely displaying certain pages containing version information to an anonymous user.
Affected
DotNetNuke versions 4.0 through 5.1.4 on all running platforms.
References
Severity
Classification
-
CVE CVE-2009-4109 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Adobe Presenter viewer.swf and loadflash.js XSS Vulnerability
- Apache ActiveMQ Source Code Information Disclosure Vulnerability
- Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
- Aker Secure Mail Gateway Cross-Site Scripting Vulnerability
- Admidio get_file.php Remote File Disclosure Vulnerability