Has anyone had this pop up.
the Information Foundstone gives out is
An Information disclosure vulnerability is present i multiple web servers.
Multiple Web Servers finger CGI Information Disclosure Vulnerability
An information disclosure vulnerability is present in multiple web servers.
Web servers are widely used to serve static and dynamic content and render it in the client's browser. An information disclosure vulnerability is present in multiple web servers. A flaw is present in cgi-bin, which is caused due to the presence of finger service. Successful exploitation could allow an attacker to gain sensitive information.
McAfee is currently unaware of a vendor-supplied patch or update (01/13/2011).
SANS/FBI top 20
I can not figure out what Foundstone is detecting to cause this vulnerability. Finger is not enabled, nor is it even present in any CGI-Bin
I have run Full Nessus Scans against these computers, and it does not return this error
The best thing for you to do on a suspected False Positive is to open up an SR so we can really investigate the issue.
I think this vulneability is False positive.
I have experience like that situation.
We are doing checking all about finger and CGI, but there isn't have any service.
After a month. FSL update list have this vul some change. (MArch/30/2011)
Risk Level is going down 10 to 3. So now "finger CGi vuln" is Low revel risk vuln.