Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2003 John LampeOPENVAS:136141256231011657
HistoryNov 03, 2005 - 12:00 a.m.

Synchrologic Email Accelerator User Account Information Disclosure

2005-11-0300:00:00
Copyright (C) 2003 John Lampe
plugins.openvas.org
5

AI Score

7.2

Confidence

Low

JSON

Synchrologic Email Accelerator is prone to an information
disclosure vulnerability.

# SPDX-FileCopyrightText: 2003 John Lampe
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.11657");
  script_version("2024-06-13T05:05:46+0000");
  script_tag(name:"last_modification", value:"2024-06-13 05:05:46 +0000 (Thu, 13 Jun 2024)");
  script_tag(name:"creation_date", value:"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)");
  script_tag(name:"cvss_base", value:"5.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:P/A:N");
  script_name("Synchrologic Email Accelerator User Account Information Disclosure");
  script_category(ACT_GATHER_INFO);
  script_family("Web application abuses");
  script_copyright("Copyright (C) 2003 John Lampe");
  script_dependencies("find_service.nasl", "httpver.nasl", "webmirror.nasl",
                      "DDI_Directory_Scanner.nasl", "global_settings.nasl",
                      "gb_microsoft_iis_http_detect.nasl");
  script_require_ports("Services/www", 80);
  script_exclude_keys("Settings/disable_cgi_scanning");

  script_tag(name:"summary", value:"Synchrologic Email Accelerator is prone to an information
  disclosure vulnerability.");

  script_tag(name:"impact", value:"The server allows anonymous users to look at Top Network user
  IDs.

  Example : http://example.com/en/admin/aggregate.asp");

  script_tag(name:"solution", value:"If this server is on an Internet segment (as opposed to
  internal), you may wish to tighten the access to the aggregate.asp page.");

  script_tag(name:"solution_type", value:"Mitigation");
  script_tag(name:"qod_type", value:"remote_analysis");

  exit(0);
}

include("http_func.inc");
include("http_keepalive.inc");
include("port_service_func.inc");

port = http_get_port(default:80);
if(!http_can_host_asp(port:port))
  exit(0);

url = "/en/admin/aggregate.asp";
req = http_get(item:url, port:port);
res = http_keepalive_send_recv(port:port, data:req);
if(!res)
  exit(0);

if("/css/rsg_admin_nav.css" >< res) {
  report = http_report_vuln_url(port:port, url:url);
  security_message(port:port, data:report);
  exit(0);
}

exit(99);

AI Score

7.2

Confidence

Low

JSON