Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
| GEN:SID | 1:2135 |
| Message | WEB-MISC philboard.mdb access |
| Summary | This event is generated when a remote user attempts to access philboard.mdb on a web server port on an internal server. This may indicate an attempt to exploit a vulnerability in the default installation of Philboard bulletin board software, where the Philboard Access database is accessible to the Internet. |
| Impact | Information gathering, possible administrative access to the bulletin board. |
| Detailed Information | By default, Philboard installs the Access database file to database/philboard.mdb on the web server. Without authentication, an attacker can download this file to access Philboard bulletin board user names, passwords, and message archives. |
| Affected Systems | Any server running Philboard 1.x. |
| Attack Scenarios | An attacker can download the Philboard database, which will allow them to access Philboard user names, passwords, and message archives. |
| Ease of Attack | Simple. |
| Corrective Action | Move philboard.mdb to an inaccessible location and/or add security permissions to the directory in which it resides. |
| Additional References | Secunia http://www.secunia.com/advisories/8898/ |
| Rule References | nessus: 11682 |
--
DID:490160
--
http://www.aanval.com/