RiSearch Arbitrary File Access Network Vulnerability

Summary

The remote host seems to be running RiSearch, a local search engine. This version contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an arbitary local file path is passed to show.pl, which will disclose the file contents resulting in a loss of confidentiality. An attacker, exploiting this flaw, would be able to gain access to potentially confidential files which would be useful in elevating privileges on the remote machine.

Solution

Upgrade to the latest version of this software.

Severity

Classification

CVE CVE-2004-2061

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

AudiStat multiple vulnerabilities
Apache Struts ClassLoader Manipulation Vulnerabilities
b2Evolution title SQL Injection
Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
ActualAnalyzer Lite 'ant' Cookie Parameter Remote Command Execution Vulnerability

Take action and discover your vulnerabilities