WEB_MISC basilix mysql.class access

 

Code: p1395

Severity: Warning

 

Description: This event is generated when an attempt is made to exploit a known vulnerability in the Basilix webmail PHP script. An attacker can access the mysql.class file to obtain the MySQL login and use it for further attacks.

Impact: Serious. Password disclosure, which can lead to further system compromise: an attacker can authenticate directly to the MySQL database. Many Sun Cobalt Linux servers use Basilix webmail.

Corrective: Update the Basilix script (www.basilix.org). Check files that contain PHP code for a suffix that might be rendered in plaintext by the web server. Workaround: register .class the same way that the extensions .php, .php3 or .php4 are registered in the web server configuration file. Note: .class is usually used by Java applets.
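
One way to carry out the file check described above, as an added example that is not part of the original rule documentation or of Basilix: it walks a web root and lists files that contain PHP code but carry a suffix outside the registered set. The function name, the 1 MiB read limit and the tag pattern are assumptions; the extension set is the one named above and should be matched to your own server configuration.

```python
import os
import re

# Extensions the page names as registered with the PHP handler (assumption:
# adjust this set to the handler mappings in your own web server config).
REGISTERED_PHP_EXTENSIONS = {".php", ".php3", ".php4"}

# PHP opening tags: "<?php", the echo tag "<?=", and the short tag "<?"
# followed by whitespace. "<?xml" declarations deliberately do not match.
PHP_OPEN_TAG = re.compile(rb"<\?(php\b|=|\s)", re.IGNORECASE)


def find_plaintext_php(docroot, registered=REGISTERED_PHP_EXTENSIONS,
                       max_bytes=1 << 20):
    """Return sorted paths (relative to docroot) of files that contain PHP
    code but whose suffix is not registered with the PHP handler, so the web
    server would return their source, credentials included, as plain text."""
    registered = {ext.lower() for ext in registered}
    exposed = []
    for dirpath, _dirnames, filenames in os.walk(docroot):
        for name in filenames:
            ext = os.path.splitext(name)[1].lower()
            if ext in registered:
                continue  # interpreted by PHP, source is not served
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(max_bytes)  # only the first max_bytes
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            if PHP_OPEN_TAG.search(head):
                exposed.append(os.path.relpath(path, docroot))
    return sorted(exposed)


if __name__ == "__main__":
    import sys
    for rel in find_plaintext_php(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(rel)
```

Each path it reports is a candidate for renaming, moving outside the web root, or registering its suffix with the PHP handler as the workaround describes.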