Summary
ODBC tools are present on the remote host.
ODBC tools could allow a malicious user to hijack and redirect ODBC traffic, obtain SQL user names and passwords or write files to the local drive of a vulnerable server.
Example: http://target/scripts/tools/getdrvrs.exe
Solution
Remove ODBC tools from the /scripts/tools directory.
Severity
Classification
-
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Admin Bot 'news.php' SQL Injection Vulnerability
- Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object Remote Code Execution
- AjaxPortal 'di.php' File Inclusion Vulnerability
- AproxEngine Multiple Remote Input Validation Vulnerabilities
- Apache Struts ClassLoader Manipulation Vulnerabilities