Short Name |
HTTP:LINUX:RPM-QUERY |
---|---|
Severity |
Minor |
Recommended |
No |
Category |
HTTP |
Keywords |
Caldera Linux rpm_query Disclosure |
Release Date |
2003/04/22 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects requests for the rpm_query CGI script used in Caldera OpenLinux 2.3. Attackers can obtain a list of names and versions of packages installed on the system.
A vulnerability exists in the default installation of Caldera OpenLinux 2.3. A CGI is installed in /home/httpd/cgi-bin/ names rpm_query. Any user can run this CGI and obtain a listing of the packages, and versions of packages, installed on this system. This could be used to determine vulnerabilities on the machine remotely.