| VID |
28162 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The Adobe Contribute Publishing Server is vulnerable to an administrator password disclosure vulnerability. Adobe Contribute Publishing Server(CPS) is a server application that provides central administration and tracking of user access and publishing activities on the web site. Adobe Contribute Publishing Server could allow a remote attacker to obtain sensitive administrator password information. When the CPS is installed, the administrator's password is written to log files. A remote attacker could exploit this vulnerability to obtain the administrator password and gain administrative privileges on the affected system.
* Note: This check requires an account with administrative privileges which can log into the host to scan. Absence of these condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
http://www.adobe.com/support/security/bulletins/apsb06-15.html
http://www.frsirt.com/english/advisories/2006/4001
http://secunia.com/advisories/22329
http://securitytracker.com/id?1017038
* Platforms Affected:
Adobe Systems Inc., Adobe Contribute Publishing Server Any version
Microsoft Windows Any version
Linux Any version |
| Recommendation |
Change the administrator password and remove the installation log manually, as listed in Adobe Security Bulletin at http://www.adobe.com/support/security/bulletins/apsb06-15.html |
| Related URL |
CVE-2006-5199 (CVE) |
| Related URL |
20439 (SecurityFocus) |
| Related URL |
29441 (ISS) |
|
