Movable Type mt-check.cgi System Information Disclosure

Nessus Plugin ID 42842 (Medium)

Synopsis

A web application on the remote host may leak information.

Description

The Movable Type installation on the remote web server is leaking information via mt-check.cgi. This CGI determines if the Perl modules required by Movable Type are installed, and is only intended to be used prior to installation. It discloses path information, operating system type, Perl version, and the versions of several Perl modules. A remote attacker could use this information to mount further attacks.

Solution

Remove this file from the web server.

See Also

https://www.tenable.com/security/research/tra-2009-03

Plugin Details

Severity: Medium

ID: 42842

File Name: movabletype_mtcheckcgi_info_leak.nasl

Version: 1.14

Type: remote

Family: CGI abuses

Published: 11/18/2009

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/a:sixapart:movable_type

Required KB Items: www/movabletype

Reference Information