Red Hat Stronghold Secure Web Server could allow an attacker to obtain sensitive server information
| stronghold-webserver-obtain-information (7582) |  Low Risk |
Description:
Red Hat Stronghold Secure Web Server could allow a remote attacker to obtain sensitive information, including the httpd.conf file, if the remote administration URLs have been enabled. An attacker could use this vulnerability to launch further attacks against the affected server.
Consequences:
Obtain Information
Remedy:
Upgrade to Stronghold Secure Web Server (3.0 build 3015 or later), available from the Red Hat Linux Web site. Contact Stronghold Technical Support for more information. See References.
References:
- Red Hat Linux Web site: Stronghold Secure Web Server.
- VIGILANTe Security Advisory VIGILANTE-2001002: Redhat Stronghold Secure Server File System Disclosure Vulnerabil ity.
- BID-3577: Stronghold Secure Web Server Information Disclosure Vulnerability
- CVE-2001-0868: Red Hat Stronghold 2.3 to 3.0 allows remote attackers to retrieve system information via an HTTP GET request to (1) stronghold-info or (2) stronghold-status.
Platforms Affected:
- RedHat Stronghold 2.3
- RedHat Stronghold 2.4
- RedHat Stronghold 3.0
Reported:
Nov 23, 2001
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net