2 Replies Latest reply on Apr 20, 2011 8:52 PM by musicguy

    Multiple Web Servers finger CGI Information Disclosure Vulnerability (False Positive?)

    craig.carrigan

      Has anyone had this pop up?

       

      The information Foundstone gives out is:

       

      Description

       

      An information disclosure vulnerability is present in multiple web servers.

       

      VULNERABILITY DETAILS

      Name: Multiple Web Servers finger CGI Information Disclosure Vulnerability

      Risk: 10

      Intrusive: No

      Description: An information disclosure vulnerability is present in multiple web servers.

      Observation: Web servers are widely used to serve static and dynamic content and render it in the client's browser. An information disclosure vulnerability is present in multiple web servers. A flaw is present in cgi-bin, which is caused due to the presence of finger service. Successful exploitation could allow an attacker to gain sensitive information.

      Recommendation: McAfee is currently unaware of a vendor-supplied patch or update (01/13/2011).

      CVE: CVE-MAP-NOMATCH

      SANS/FBI top 20: No

      IAVA: No

      FaultlineID: 11043

       

      I cannot figure out what Foundstone is detecting to cause this vulnerability. Finger is not enabled, nor is it even present in any CGI-Bin.

       

      I have run full Nessus scans against these computers, and it does not return this error.