 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.105476 |
| Category: | Web application abuses |
| Title: | Dell Foundation Services 'SOAP WMI API' Remote Information Disclosure |
| Summary: | An issue in Dell Foundation Services can be exploited to leak; any data provided by the Windows Management Instrumentation (WMI). |
| Description: | Summary: An issue in Dell Foundation Services can be exploited to leak any data provided by the Windows Management Instrumentation (WMI). Vulnerability Insight: Dell Foundation Services starts an HTTPd that listens on port 7779. The previous service tag leak was fixed by removing the JSONP API. However, the webservice in question is still available. It is now a SOAP service, and all methods of that webservice can be accessed, not just the ServiceTagmethod. This affects hardware, installed software, running processes, installed services, accessible hard disks, filesystem metadata (filenames, file size, dates) and more. Affected Software/OS: Dell Foundation Services 3.0.700.0 is known to be affected. Solution: Update to a Dell Foundation Services 3.0.700.0 or later or uninstall the Dell Foundation services. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N |
| Copyright | Copyright (C) 2015 Greenbone AG |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |