Summary
The SiteScope web service has no password set. An attacker who can connect to this server could view usernames and passwords stored in the preferences section or reconfigure the service.
Solution
Make sure that a password is set in the configuration for this service. Depending on where this server is located, you may want to restrict access by IP address in addition to username.
Severity
Classification
-
CVE CVE-1999-0508 -
CVSS Base Score: 4.6
AV:L/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- AMSI 'file' Parameter Directory Traversal Vulnerability
- AN Guestbook Local File Inclusion Vulnerability
- 2532|Gigs Directory Traversal And SQL Injection Multiple Vulnerabilities
- Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
- 11in1 Cross Site Request Forgery and Local File Include Vulnerabilities