Summary
The remote web server is running the SiteScope Management web server. This service allows attackers to gain sensitive information on the SiteScope-monitored server.
Sensitive information includes (but is not limited to): license number, current users, administrative email addresses, database username and password, SNMP community names, UNIX usernames and passwords, LDAP configuration, access to internal servers (via Diagnostic tools), etc.
Solution
Disable the SiteScope Managment web server if it is unnecessary, or block incoming traffic to this port.
Severity
Classification
-
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
Related Vulnerabilities
- Apple Safari Webkit Multiple Vulnerabilities - March 2011
- Apple Safari 'Webkit' Information Disclosure Vulnerability (Mac OS X)
- Apple Safari 'javascript: URI' XSS Vulnerability - Sep09
- Adobe Reader Multiple Vulnerabilities - Aug07 (Windows)
- Adobe Reader Privelege Escalation Vulnerability - Jul07 (Mac OS X)