Summary
The host is installed with DotNetNuke and is prone to Information Disclosure Vulnerability.
Impact
Successful exploitation will let the attacker obtain sensitive information and attacker can use this information for further attacks.
Impact Level: System/Application
Solution
Update to version 5.2.0 or later,
For updates refer to http://www.dotnetnuke.com/
Insight
The flaw exists due to install wizard insecurely displaying certain pages containing version information to an anonymous user.
Affected
DotNetNuke versions 4.0 through 5.1.4 on all running platforms.
References
Severity
Classification
-
CVE CVE-2009-4109 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Aker Secure Mail Gateway Cross-Site Scripting Vulnerability
- Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
- Apache Tomcat SecurityConstraints Security Bypass Vulnerability
- Adobe ColdFusion Multiple Cross Site Scripting Vulnerabilities
- appRain CMF 'uploadify.php' Remote Arbitrary File Upload Vulnerability