| VID |
21167 |
| Severity |
20 |
| Port |
80, ¡¦ |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
A CGI database script of Musket Empower is installed. It was possible to get the physical location of a virtual web directory of this host by issuing the command :
GET /cgi-bin/empower?DB=whatever HTTP/1.0
then a remote user can get an error message that reveals the actual database path. This information could be useful in future attacks. |
| Recommendation |
Use a newer version of this CGI |
| Related URL |
CVE-2001-0224 (CVE) |
| Related URL |
2374 (SecurityFocus) |
| Related URL |
6093 (ISS) |
|
