Any idea what could be causing this?
It only appears to enumerate through these addresses:
/cgi-bin/way-board/way-board.cgi
/cgi-bin/way-board/way-board.cgi?db=/etc/passwd%00
/way-board/way-board.cgi?db=/etc/passwd%00
and none of these addresses appear on any of the system it detected.
Lucas Albers said:
> I recently updated my plugin list.
> Plugin ID:10610 had detected 471 instances of this particular exploit.
> None of the systems I have checked, even have this cgi-bin software
> installed.
> I believe their is something wrong with this plugin check.
>
> script_id(10610);
> script_version ("$Revision: 1.11 $");
> script_cve_id("CAN-2001-0214");
> script_bugtraq_id(2370);
>
> name["english"] = "way-board";
>
>
> script_name(english:name["english"], francais:name["francais"]);
>
> desc["english"] = "The 'way-board' CGI is installed. This CGI has
> a well known security flaw that lets an attacker read arbitrary
> files with the privileges of the http daemon (usually root or nobody
> ).
>
>
> I did a scan of a similar system that does not have way-point installed
> and it still believed it was installed.
>
> The logs on the scanned webserver show that it returned a 404 on all
> attempted access for that file. So it should not show that way-point is
> installed.
>
> _______________________________________________
> Nessus mailing list
> [EMAIL PROTECTED]
> http://mail.nessus.org/mailman/listinfo/nessus
>
--
Luke Computer Science System Administrator
Security Administrator,College of Engineering
Montana State University-Bozeman,Montana
_______________________________________________
Nessus mailing list
[EMAIL PROTECTED]
http://mail.nessus.org/mailman/listinfo/nessus
