Summary
The msmmask.exe CGI is installed.
Some versions allow an attacker to read the source of any file in your webserver's directories by using the 'mask' parameter.
Solution
Upgrade your MondoSearch to version 4.4.5156 or later.
Severity
Classification
-
CVE CVE-2002-1528 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- @Mail 'admin.php' Cross-Site Scripting Vulnerabilities
- Apache Open For Business HTML injection vulnerability
- Aardvark Topsites PHP 'index.php' Multiple Cross Site Scripting Vulnerabilities
- APC PowerChute Network Shutdown 'security/applet' Cross Site Scripting Vulnerability
- APC PowerChute Network Shutdown HTTP Response Splitting Vulnerability