Summary
The remote web server is running the SiteScope Management web server. This service allows attackers to gain sensitive information on the SiteScope-monitored server.
Sensitive information includes (but is not limited to): license number, current users, administrative email addresses, database username and password, SNMP community names, UNIX usernames and passwords, LDAP configuration, access to internal servers (via Diagnostic tools), etc.
Solution
Disable the SiteScope Managment web server if it is unnecessary, or block incoming traffic to this port.
Severity
Classification
-
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
Related Vulnerabilities
- Apple iTunes Multiple Vulnerabilities - Apr10
- Adobe Reader Plugin Signature Bypass Vulnerability (Windows)
- Adobe Reader Plugin Signature Bypass Vulnerability (Linux)
- Adobe LiveCycle Designer Untrusted Search Path Vulnerability (Windows)
- Apache Tomcat XML External Entity Information Disclosure Vulnerability