Vulnerabilities > CVE-2001-0868 - Information Disclosure vulnerability in Redhat Stronghold 2.3/3.0

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

redhat

nessus

NVD

Published: 2001-11-28

Updated: 2017-12-19

Summary

Red Hat Stronghold 2.3 to 3.0 allows remote attackers to retrieve system information via an HTTP GET request to (1) stronghold-info or (2) stronghold-status.

Vulnerable Configurations

Part	Description	Count
Application	Redhat Redhat Stronghold 2.3 Redhat Stronghold - Redhat Stronghold 3.0	3

Nessus

NASL family	CGI abuses
NASL id	STRONGHOLD.NASL
description	Redhat Stronghold Secure Server File System Disclosure Vulnerability The problem: In Redhat Stronghold from versions 2.3 up to 3.0 a flaw exists that allows a remote attacker to disclose sensitive system files including the httpd.conf file, if a restricted access to the server status report is not enabled when using those features. This may assist an attacker in performing further attacks. By trying the following urls, an attacker can gather sensitive information: http://target/stronghold-info will give information on configuration http://target/stronghold-status will return among other information the list of request made Please note that this attack can be performed after a default installation. The vulnerability seems to affect all previous version of Stronghold.
last seen	2020-06-01
modified	2020-06-02
plugin id	10803
published	2001-11-25
reporter	This script is Copyright (C) 2001-2018 Felix Huber
source	https://www.tenable.com/plugins/nessus/10803
title	Redhat Stronghold status / info Request Information Disclosure
code	# # This script was written by Felix Huber <[email protected]> # # v. 1.00 (last update 23.11.01) # Changes by Tenable: # - re-wrote the code to do pattern matching (RD) # - updated plugin title (4/1/2009) # - Updated to use compat.inc, added CVSS score (11/20/2009) include("compat.inc"); if(description) { script_id(10803); script_version ("1.24"); script_cve_id("CVE-2001-0868"); script_bugtraq_id(3577); script_name(english:"Redhat Stronghold status / info Request Information Disclosure"); script_set_attribute(attribute:"synopsis", value: "The remote host has an application that is affected by an information disclosure vulnerability." ); script_set_attribute(attribute:"description", value: "Redhat Stronghold Secure Server File System Disclosure Vulnerability The problem: In Redhat Stronghold from versions 2.3 up to 3.0 a flaw exists that allows a remote attacker to disclose sensitive system files including the httpd.conf file, if a restricted access to the server status report is not enabled when using those features. This may assist an attacker in performing further attacks. By trying the following urls, an attacker can gather sensitive information: http://target/stronghold-info will give information on configuration http://target/stronghold-status will return among other information the list of request made Please note that this attack can be performed after a default installation. The vulnerability seems to affect all previous version of Stronghold." ); script_set_attribute(attribute:"solution", value: "Patch was released (November 19, 2001)" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_publication_date", value: "2001/11/25"); script_set_attribute(attribute:"vuln_publication_date", value: "2001/11/23"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/12"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_end_attributes(); script_summary(english:"Redhat Stronghold File System Disclosure"); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2001-2020 Felix Huber"); script_family(english:"CGI abuses"); script_dependencie( "http_version.nasl"); script_require_keys("www/apache"); script_require_ports("Services/www", 80); exit(0); } # # The script code starts here # include("http_func.inc"); include("http_keepalive.inc"); port = get_http_port(default:80, embedded:TRUE); if(get_port_state(port)) { req = http_get(item:"/stronghold-info", port:port); r = http_keepalive_send_recv(port:port, data:req); if (! r ) exit(0); if("Stronghold Server Information" >< r) { security_warning(port); exit(0); } req = http_get(item:"/stronghold-status", port:port); r = http_keepalive_send_recv(port:port, data:req); if("Stronghold Server Status for" >< r)security_warning(port); }

Summary

Vulnerable Configurations

Nessus

References