ID de Prueba:	1.3.6.1.4.1.25623.1.0.14306
Categoría:	Web application abuses
Título:	BasiliX Attachment Disclosure Vulnerability
Resumen:	The remote web server contains a series of PHP scripts that are prone to;information disclosure.;;Description :;;The remote host appears to be running a BasiliX version 1.1.0 or lower. Such versions save attachments by default;under '/tmp/BasiliX', which is world-readable and apparently never emptied by BasiliX itself. As a result, anyone;with shell access on the affected system or who can place CGI files on it can access attachments uploaded to;BasiliX.
Descripción:	Summary: The remote web server contains a series of PHP scripts that are prone to information disclosure. Description : The remote host appears to be running a BasiliX version 1.1.0 or lower. Such versions save attachments by default under '/tmp/BasiliX', which is world-readable and apparently never emptied by BasiliX itself. As a result, anyone with shell access on the affected system or who can place CGI files on it can access attachments uploaded to BasiliX. Solution: Upgrade to BasiliX version 1.1.1 or later. CVSS Score: 2.1 CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2002-1711 BugTraq ID: 5065 http://www.securityfocus.com/bid/5065 Bugtraq: 20020618 BasiliX multiple vulnerabilities (Google Search) http://online.securityfocus.com/archive/1/277710 http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0117.html XForce ISS Database: basilix-webmail-view-attachments(9387) https://exchange.xforce.ibmcloud.com/vulnerabilities/9387
Copyright	Copyright (C) 2004 George A. Theall

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.