Short Name |
APP:SUPERSCOUT-USERDB |
---|---|
Severity |
Minor |
Recommended |
No |
Category |
APP |
Keywords |
SuperScout Web Reports Server User Database Access |
Release Date |
2003/04/22 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known vulnerability in the Webfilter for SuperScout Web Reports Server running on Microsoft Windows 2000 and NT. Attackers can use a simple GET request to obtain the user database (a txt file that contains user names and encrypted passwords) from the server.
SurfControl SuperScout WebFilter is web filtering software for Microsoft Windows operating systems. SurfControl SuperScout WebFilter includes a remotely accessible reporting service. It has been reported that SuperScout WebFilter insecurely stores some types of information. The reports server included as part of the SuperScout WebFilter package stores sensitive information in a publicly accessible, unrestricted directory. A remote user could gain access to user credentials.