The host is running Pentaho BI Server and is prone to multiple vulnerabilities.
Successful exploitation allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, or to obtain sensitive information.
Impact Level: Application
Upgrade to Pentaho BI Server 3.5.0 GA or later. For updates, refer to http://www.pentaho.com/download/
- Input passed via the 'outputType' parameter to ViewAction is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
- The password field has autocomplete enabled, which might allow physically proximate attackers to obtain the password.
- The session ID (JSESSIONID) is disclosed in the URL, which allows attackers to obtain it from session history, referer headers, or sniffing of web traffic.
Pentaho BI Server version 126.96.36.1992 and prior.
Updated on 2015-03-25
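To confirm that a deployment no longer shows the three weaknesses listed above, a saved request/response pair can be audited offline. The following is an added example, not code from Pentaho or from the original check; the host name, paths, marker value and sample pages are constructed for illustration.

```python
import re
from html.parser import HTMLParser

SESSION_IN_URL = re.compile(r";jsessionid=[\w.\-]+", re.IGNORECASE)

class _MarkupAudit(HTMLParser):
    """Flags password inputs with autocomplete enabled and links carrying a session ID."""
    def __init__(self):
        super().__init__()
        self.form_off = False
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self.form_off = a.get("autocomplete", "").lower() == "off"
        if tag == "input" and a.get("type", "").lower() == "password":
            if not self.form_off and a.get("autocomplete", "").lower() != "off":
                self.findings.append("password-autocomplete: " + a.get("name", "?"))
        for attr in ("href", "action", "src"):
            if SESSION_IN_URL.search(a.get(attr, "")):
                self.findings.append("session-id-in-url: %s %s attribute" % (tag, attr))

    def handle_endtag(self, tag):
        if tag == "form":
            self.form_off = False

def audit_response(url, headers, body, submitted):
    """Return findings for one request/response pair; `submitted` maps parameter names to sent values."""
    findings = []
    if SESSION_IN_URL.search(url):
        findings.append("session-id-in-url: request URL")
    if SESSION_IN_URL.search(headers.get("Location", "")):
        findings.append("session-id-in-url: Location header")
    parser = _MarkupAudit()
    parser.feed(body)
    findings += parser.findings
    for name, value in submitted.items():
        # A value with HTML metacharacters that comes back byte-for-byte was not output-encoded.
        if re.search(r"[<>\"']", value) and value in body:
            findings.append("unencoded-reflection: " + name)
    return findings

# Constructed sample data (not captured from a real server).
MARKER = "<b>t3st</b>"
WEAK_URL = "https://bi.example.test/ViewAction;jsessionid=0A1B2C3D?outputType=x"
WEAK_BODY = ('<p>Unknown output type: ' + MARKER + '</p><form action="/login;jsessionid=0A1B2C3D">'
             '<input type="password" name="pw"></form>')
FIXED_URL = "https://bi.example.test/ViewAction?outputType=x"
FIXED_BODY = ('<p>Unknown output type: &lt;b&gt;t3st&lt;/b&gt;</p><form action="/login">'
              '<input type="password" name="pw" autocomplete="off"></form>')
```

An empty result for a page means none of the three conditions was observed in that response; it does not cover pages that were not sampled.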