|
| TC: | 11205 | |
| Description: | An NNTP server is enabled on the target system. It is possible to retrieve useful information in its banner, that could be used for further attacks. | |
| TC Impact: | Gather Info | |
| Service: | nntp |
| Vulnerability Publication: | Unknown | |
| Advisory Copyright: | Unknown | |
| Summary: | An attacker can gather information about the NNTP server type and its version and use it to prepare an attack. | |
| Risk: | Low | |
| CVSS 2.0 metrics: | Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: None (Approximated from CVSS 1.0 metrics) | |
| CVSS 2.0 Base Score: | 0.0 (Approximated) |
| Vulnerability Impact: |
Gather Info |
|---|
| Host Impact: | Sensitive information can be gathered. | |
| Nature of Remediation: | Update the configuration. |
| Step required to fix the reported vulnerability: | |
***** Solution type: Update Configuration ***** Update the service banner to avoid disclosure of sensitive information. |
| References: | ||
| The NNTP protocol is defined in RFC 977 http://www.ietf.org/rfc/rfc0977.txt |
| CVE Link: |
CVE-1999-0655 CVE-1999-0644 |
 |
|---|
| Glossary: |
Information Disclosure NNTP |
|---|