Test ID:	1.3.6.1.4.1.25623.1.0.14306
Category:	Web application abuses
Title:	BasiliX Attachment Disclosure Vulnerability
Summary:	The remote web server contains a series of PHP scripts that are prone to;information disclosure.;;Description :;;The remote host appears to be running a BasiliX version 1.1.0 or lower. Such versions save attachments by default;under '/tmp/BasiliX', which is world-readable and apparently never emptied by BasiliX itself. As a result, anyone;with shell access on the affected system or who can place CGI files on it can access attachments uploaded to;BasiliX.
Description:	Summary: The remote web server contains a series of PHP scripts that are prone to information disclosure. Description : The remote host appears to be running a BasiliX version 1.1.0 or lower. Such versions save attachments by default under '/tmp/BasiliX', which is world-readable and apparently never emptied by BasiliX itself. As a result, anyone with shell access on the affected system or who can place CGI files on it can access attachments uploaded to BasiliX. Solution: Upgrade to BasiliX version 1.1.1 or later. CVSS Score: 2.1 CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2002-1711 BugTraq ID: 5065 http://www.securityfocus.com/bid/5065 Bugtraq: 20020618 BasiliX multiple vulnerabilities (Google Search) http://online.securityfocus.com/archive/1/277710 http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0117.html XForce ISS Database: basilix-webmail-view-attachments(9387) https://exchange.xforce.ibmcloud.com/vulnerabilities/9387
Copyright	Copyright (C) 2004 George A. Theall

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.