WEBactive HTTP Server Default Log Vulnerability
BID:1497
Info
WEBactive HTTP Server Default Log Vulnerability
| Bugtraq ID: | 1497 |
| Class: | Configuration Error |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Jul 12 2000 12:00AM |
| Updated: | Jul 12 2000 12:00AM |
| Credit: | Posted to BugTraq on July 11, 2000 by Prizm <[email protected]> |
| Vulnerable: |
ITAfrica WEBactive 1.0 |
| Not Vulnerable: | |
Discussion
WEBactive HTTP Server Default Log Vulnerability
WEBactive HTTP Server is configured by default to store the server log in the root WWW directory as the file "active.log" which can be retrieved remotely.
WEBactive HTTP Server is configured by default to store the server log in the root WWW directory as the file "active.log" which can be retrieved remotely.
Exploit / POC
WEBactive HTTP Server Default Log Vulnerability
http://target/active.log
http://target/active.log
Solution / Fix
WEBactive HTTP Server Default Log Vulnerability
Solution:
Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution:
Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
WEBactive HTTP Server Default Log Vulnerability
References:
References: