Vulnerabilities > CVE-2005-0694 - Information Disclosure vulnerability in Hosting Controller

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

hosting-controller

nessus

NVD

Published: 2005-03-07

Updated: 2016-10-18

Summary

Hosting Controller 6.1 Hotfix 1.7 and earlier stores log files under the web root, which allows remote attackers to obtain sensitive information via a direct request to HCDiskQuotaService.csv.

Vulnerable Configurations

Part	Description	Count
Application	Hosting_Controller Hosting Controller Hosting Controller 1.1 Hosting Controller Hosting Controller 1.3 Hosting Controller Hosting Controller 1.4.1 Hosting Controller Hosting Controller 1.4B Hosting Controller Hosting Controller 6.1 Hosting Controller Hosting Controller 6.1_Hotfix_1.4 Hosting Controller Hosting Controller 6.1_Hotfix_1.7	7

Nessus

NASL family	CGI abuses
NASL id	HOSTINGCONTROLLER_INFO_EXPOSURE.NASL
description	The remote host is running Hosting Controller a web hosting management application. The remote version of this software is vulnerable to an information disclosure flaw which may allow an attacker to gather additional data on the remote host. An attacker may download the file
last seen	2020-06-01
modified	2020-06-02
plugin id	17308
published	2005-03-10
reporter	This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/17308
title	Hosting Controller HCDiskQuoteService.csv Direct Request Information Disclosure

Summary

Vulnerable Configurations

Nessus

References