| GEN:SID | 1:2058 |
| Message | WEB-MISC MsmMask.exe attempt |
| Summary | vulnerability in MondoSearch.
|
| Impact | Information disclosure
|
| Detailed Information | Versions of MondoSearch prior to 4.4.5156 use a vulnerable version of a cgi script named msmmask.exe. This script allows the attacker to view the source of any file in a webservers root directory.
|
| Affected Systems | MondoSearch versions prior to 4.4.5156.
|
| Attack Scenarios | The attacker needs to access the msmmask.exe script and request a file in the servers web directory.
|
| Ease of Attack | Simple
|
| Corrective Action | Upgrade the application to at least version 4.4.5156 or higher.
|
| Additional References | Nessus: http://cgi.nessus.org/plugins/dump.php3?id=11163
|
| Rule References | nessus: 11163
|