WEB_MISC basilix sendmail.inc access

 

Code: p1394

Severity: Warning

 

Description: This event is generated when an attempt is made to access the file sendmail.inc on a webserver running Basilix webmail.

Impact: Medium - Password disclosure. The impact depends on whether the attacker can use the disclosed login credentials to authenticate directly to a MySQL database. Many Sun Cobalt Linux servers use Basilix webmail.

Corrective: Update the Basilix script (www.basilix.org). Check that every file containing PHP code has a suffix that is handled by the webserver CGI; otherwise the webserver sends the file in plaintext to an attacker.

Workaround: register .inc and .class in the same way .php, .php3 and .php4 are registered.

Note: .class is usually used by Java applets.
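
The file check described under Corrective, as an added example (not part of the original advisory or of Basilix): a Python audit that lists files under a document root which contain PHP opening tags but whose suffix the server does not pass to PHP. The handled-suffix set, the function names and the sample tree are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Assumption: suffixes the web server passes to the PHP interpreter.
HANDLED_SUFFIXES = {".php", ".php3", ".php4"}
# PHP opening tags "<?php", "<?=" and short "<?"; "<?xml" does not match.
PHP_TAG = re.compile(rb"<\?(?:php\b|=|\s)", re.IGNORECASE)


def find_plaintext_php(docroot, handled=HANDLED_SUFFIXES):
    """Return relative paths of files that contain PHP code but whose suffix
    is not handled, i.e. files the server would send as plain text."""
    exposed = []
    for path in Path(docroot).rglob("*"):
        if not path.is_file() or path.suffix.lower() in handled:
            continue
        try:
            with path.open("rb") as fh:
                head = fh.read(1 << 20)  # only the first 1 MiB is scanned
        except OSError:
            continue  # unreadable file: skip instead of aborting the audit
        if PHP_TAG.search(head):
            exposed.append(path.relative_to(docroot).as_posix())
    return sorted(exposed)


def demo(handled=HANDLED_SUFFIXES):
    """Audit a constructed sample tree (file names other than sendmail.inc
    are made up for illustration)."""
    samples = {
        "index.php": b"<?php include 'inc/sendmail.inc'; ?>",
        "inc/sendmail.inc": b"<?php $db_pass = 'CONSTRUCTED'; ?>",
        "lib/mysql.class": b"<?\nclass db {}\n?>",
        "applet/Clock.class": b"\xca\xfe\xba\xbe\x00\x00\x00\x34",  # Java bytecode
        "feed.xml": b"<?xml version='1.0'?><rss/>",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            target = Path(root, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(body)
        return find_plaintext_php(root, handled)


if __name__ == "__main__":
    print(demo())
```

Passing the suffixes from the workaround in `handled` models the state after .inc and .class have been registered; the Java applet file is never flagged because it contains no PHP tag.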