Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
| GEN:SID | 1:2138 |
| Message | WEB-MISC logicworks.ini access |
| Summary | This event is generated when an attempt is made to access a configuration file for the php application Web-ERP. |
| Impact | Information disclosure. |
| Detailed Information | This event indicates that an attempt has been made to access a configuration file for the php application Web-ERP. Versions of the web based accounting system Web-ERP do not sufficiently protect the application configuration files. This could lead to sensitive information being disclosed to an unauthorized user. This rule generates an event if a request is made for the configuration file "logicworks.ini". |
| Affected Systems | Web-ERP Web-ERP 0.1.4 |
| Attack Scenarios | An attacker can gain access to the application configuration by making a simple web request. The attacker might then use the information in further attacks against the host. |
| Ease of Attack | Simple. No exploit software required. |
| Corrective Action | Upgrade to the latest non-affected version of the software. |
| Additional References | |
| Rule References | bugtraq: 6996 nessus: 11639 |
--
DID:287050
--
http://www.aanval.com/