VID |
210039 |
Severity |
40 |
Port |
80, ... |
Protocol |
TCP |
Class |
CGI |
Detailed Description |
A file presumed to be an administrator's web page, or the interface to an administrator's web page, has been found on the web server. The file can allow attackers to obtain sensitive information such as authentication session IDs, user names and passwords, or an administrative interface for gaining unauthorized access. It can help remote attackers attack the web server in more detail.
* Platforms Affected: Any HTTP server, any version; any operating system, any version |
Recommendation |
Take the following steps:
- Delete the file if it is not necessary.
- Restrict the permissions of the directory.
- Change the file name to one that is not easily guessed.
- Move the file to a location where remote access is not allowed. |
Related URL |
(CVE) |
Related URL |
(SecurityFocus) |
Related URL |
(ISS) |
|