| VID |
22002 |
| Severity |
20 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
The default configuration of WebActive HTTP Server 1.00 stores the web access log active.log in the document root, which allows remote attackers to view the logs by directly requesting the page.
An attacker may use this to obtain valuable information about your site, such as who visits it and how popular it is.
* References:
http://www.securityfocus.com/bid/1497
http://www.iss.net/security_center/static/5184.php |
| Recommendation |
Use another web server, as WebActive is not maintained. If you are using WindowsNT, then remove read access to this file. |
| Related URL |
CVE-2000-0642 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
